diff options
| author |   Nicolas Iooss <nicolas.iooss@m4x.org> | 2016-12-27 17:06:54 +0100 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2017-01-02 00:31:26 +0800 |
| commit | 11f4cab04f6f461074f6c216a192e3c196787805 (patch) | |
| tree | 01b35c3bc9620a52a7f0daa27e523c8538b4459c /policy/modules/admin | |
| parent | Module version bump for systemd patch from Nicolas Iooss. (diff) | |
| download | hardened-refpolicy-11f4cab04f6f461074f6c216a192e3c196787805.tar.gz hardened-refpolicy-11f4cab04f6f461074f6c216a192e3c196787805.tar.bz2 hardened-refpolicy-11f4cab04f6f461074f6c216a192e3c196787805.zip | |
Add file contexts in /usr for /bin, /usr/sbin and /usr/lib
Some policy modules define file contexts in /bin, /sbin and /lib without
defining similar file contexts in the same directory under /usr.
Add these missing file contexts when there are outside ifdef blocks.
Diffstat (limited to 'policy/modules/admin')
| -rw-r--r-- | policy/modules/admin/bootloader.fc | 2 | ||||
| -rw-r--r-- | policy/modules/admin/consoletype.fc | 2 | ||||
| -rw-r--r-- | policy/modules/admin/dmesg.fc | 2 | ||||
| -rw-r--r-- | policy/modules/admin/netutils.fc | 2 | ||||
| -rw-r--r-- | policy/modules/admin/su.fc | 1 |
5 files changed, 9 insertions, 0 deletions
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc index 5b67c167..c43c428b 100644 --- a/policy/modules/admin/bootloader.fc +++ b/policy/modules/admin/bootloader.fc @@ -17,3 +17,5 @@ /usr/sbin/grub2?-install -- gen_context(system_u:object_r:bootloader_exec_t,s0) /usr/sbin/grub2?-mkconfig -- gen_context(system_u:object_r:bootloader_exec_t,s0) /usr/sbin/grub2?-probe -- gen_context(system_u:object_r:bootloader_exec_t,s0) +/usr/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0) +/usr/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0) diff --git a/policy/modules/admin/consoletype.fc b/policy/modules/admin/consoletype.fc index b7f053bf..5d4fc318 100644 --- a/policy/modules/admin/consoletype.fc +++ b/policy/modules/admin/consoletype.fc @@ -1,2 +1,4 @@ /sbin/consoletype -- gen_context(system_u:object_r:consoletype_exec_t,s0) + +/usr/sbin/consoletype -- gen_context(system_u:object_r:consoletype_exec_t,s0) diff --git a/policy/modules/admin/dmesg.fc b/policy/modules/admin/dmesg.fc index d6cc2d97..0685b190 100644 --- a/policy/modules/admin/dmesg.fc +++ b/policy/modules/admin/dmesg.fc @@ -1,2 +1,4 @@ /bin/dmesg -- gen_context(system_u:object_r:dmesg_exec_t,s0) + +/usr/bin/dmesg -- gen_context(system_u:object_r:dmesg_exec_t,s0) diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc index f5be3f95..44cde12a 100644 --- a/policy/modules/admin/netutils.fc +++ b/policy/modules/admin/netutils.fc @@ -7,6 +7,8 @@ /usr/bin/arping -- gen_context(system_u:object_r:netutils_exec_t,s0) /usr/bin/lft -- gen_context(system_u:object_r:traceroute_exec_t,s0) /usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0) +/usr/bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0) +/usr/bin/tracepath.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) /usr/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) /usr/sbin/arping -- gen_context(system_u:object_r:netutils_exec_t,s0) diff --git a/policy/modules/admin/su.fc b/policy/modules/admin/su.fc index 688abc2a..3d89250a 100644 --- a/policy/modules/admin/su.fc +++ b/policy/modules/admin/su.fc @@ -3,3 +3,4 @@ /usr/(local/)?bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0) /usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0) +/usr/bin/su -- gen_context(system_u:object_r:su_exec_t,s0) |