PERFORCE change 18890 for review
Brian Feldman
green at freebsd.org
Mon Oct 7 22:18:29 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18890
Change 18890 by green at green_laptop_2 on 2002/10/07 15:18:08
Correct some pathnames etc. to try to get sebsd policy kicked
in the pants enough to work.
Affected files ...
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/apmd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/crontab.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ftpd.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/getty.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ifconfig.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/inetd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/login.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/lpd.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/lpr.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/mail.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/mount.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/named.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ntpd.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/opie.fc#1 add
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/passwd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ping.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/portmap.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/quota.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/rlogind.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/rshd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/sendmail.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ssh.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/sshd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/su.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/syslogd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/tcpd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/tftpd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/traceroute.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/xdm.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/xfs.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ypbind.fc#2 edit
Differences ...
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/apmd.fc#2 (text+ko) ====
@@ -1,4 +1,4 @@
# apmd
/dev/apm_bios system_u:object_r:apm_bios_t
/usr/sbin/apmd system_u:object_r:apmd_exec_t
-/usr/bin/apm system_u:object_r:apm_exec_t
+/usr/sbin/apm system_u:object_r:apm_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/crontab.fc#2 (text+ko) ====
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ftpd.fc#3 (text+ko) ====
@@ -1,8 +1,5 @@
# ftpd
-/usr/sbin/in.ftpd system_u:object_r:ftpd_exec_t
-/usr/sbin/proftpd system_u:object_r:ftpd_exec_t
-/usr/sbin/muddleftpd system_u:object_r:ftpd_exec_t
-/usr/sbin/ftpwho system_u:object_r:ftpd_exec_t
-/etc/proftpd.conf system_u:object_r:etc_ftpd_t
-/var/run/proftpd/proftpd-inetd system_u:object_r:ftpd_var_run_t
-/var/log/muddleftpd.log.* system_u:object_r:xferlog_t
+/usr/libexec/(lukem)?ftpd system_u:object_r:ftpd_exec_t
+/etc/ftp* system_u:object_r:etc_ftpd_t
+/var/run/ftpd.pid-.* system_u:object_r:ftpd_var_run_t
+/var/log/ftpd(\..*)? system_u:object_r:xferlog_t
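Review bot: `/etc/ftp*` on the added etc_ftpd_t line reads like a shell glob, but file_contexts patterns are regular expressions matched against the whole path, so `ftp*` means "ft" followed by zero or more "p". Files whose names continue with other characters after `ftp` would not match and would keep a default label, so the ftpd policy would not apply to them. If the intent is everything in /etc beginning with ftp, write `/etc/ftp.*`. The same glob-style star appears in `/sbin/mount*` in mount.fc, which would miss any helper named with a suffix after `mount`, and in the commented-out `#/dev/u?lpt*` in lpd.fc. The dot in `/var/run/ftpd.pid-.*` is also unescaped; `/var/run/ftpd\.pid-.*` is tighter.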
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/getty.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# getty
-/sbin/.*getty system_u:object_r:getty_exec_t
+/usr/libexec/getty system_u:object_r:getty_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ifconfig.fc#2 (text+ko) ====
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/inetd.fc#2 (text+ko) ====
@@ -1,6 +1,3 @@
# inetd
/usr/sbin/inetd system_u:object_r:inetd_exec_t
-/usr/sbin/xinetd system_u:object_r:inetd_exec_t
-/usr/sbin/rlinetd system_u:object_r:inetd_exec_t
-/usr/sbin/identd system_u:object_r:inetd_child_exec_t
-/usr/sbin/in\..*d system_u:object_r:inetd_child_exec_t
+(/usr/libexec/(.*ftpd|telnetd|rshd|rlogind|fingerd|rexecd|comsat|ntalkd|tftpd|bootpd|rshd|kipd|rpc\..*d)|/usr/bin/cvs) system_u:object_r:inetd_child_exec_t
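Review bot: The new inetd_child_exec_t alternation claims paths that other files in this same change label differently. `/usr/libexec/(lukem)?ftpd` is ftpd_exec_t in ftpd.fc, rlogind and telnetd are rlogind_exec_t in rlogind.fc, and rshd and tftpd have their own types in rshd.fc and tftpd.fc. The label a binary ends up with then depends on how the labelling tool orders overlapping specs in the concatenated file, which is fragile when a daemon's domain transition hangs on its exec type. Either drop those names from this line or add a comment stating the intended precedence. `rshd` is also listed twice, and `/usr/bin/cvs` is presumably also run directly by users, so labelling it as an inetd child deserves a second look.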
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#2 (text+ko) ====
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/login.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# login
-/bin/login system_u:object_r:login_exec_t
+/usr/bin/login system_u:object_r:login_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/lpd.fc#3 (text+ko) ====
@@ -1,6 +1,6 @@
# lpd
/dev/printer system_u:object_r:printer_t
+#/dev/u?lpt* system_u:object_r:printer_t
/usr/sbin/lpd system_u:object_r:lpd_exec_t
-/usr/sbin/checkpc system_u:object_r:checkpc_exec_t
/var/spool/lpd(/.*)? system_u:object_r:lpd_spool_t
/usr/share/printconf/.* system_u:object_r:printconf_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/lpr.fc#2 (text+ko) ====
@@ -1,4 +1,6 @@
# lp utilities.
+/usr/bin/lp system_u:object_r:lpr_exec_t
/usr/bin/lpr system_u:object_r:lpr_exec_t
/usr/bin/lpq system_u:object_r:lpr_exec_t
/usr/bin/lprm system_u:object_r:lpr_exec_t
+/usr/sbin/lpc system_u:object_r:lpr_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/mail.fc#2 (text+ko) ====
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/mount.fc#2 (text+ko) ====
@@ -1,3 +1,3 @@
# mount
-/bin/mount system_u:object_r:mount_exec_t
-/bin/umount system_u:object_r:mount_exec_t
+/sbin/mount* system_u:object_r:mount_exec_t
+/sbin/umount system_u:object_r:mount_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/named.fc#3 (text+ko) ====
@@ -1,10 +1,9 @@
# named
/var/named(/.*)? system_u:object_r:named_conf_t
-/etc/named.conf system_u:object_r:named_conf_t
-/etc/bind(/.*)? system_u:object_r:named_zone_t
-/etc/bind/named.conf system_u:object_r:named_conf_t
+/etc/namedb(/.*)? system_u:object_r:named_zone_t
+/etc/namedb/named.conf system_u:object_r:named_conf_t
/usr/sbin/named.* system_u:object_r:named_exec_t
/usr/sbin/ndc system_u:object_r:ndc_exec_t
/var/cache/bind(/.*)? system_u:object_r:named_cache_t
-/var/run/ndc system_u:object_r:var_run_named_t
+/var/run/named.* system_u:object_r:var_run_named_t
/usr/sbin/lwresd system_u:object_r:named_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ntpd.fc#3 (text+ko) ====
@@ -1,6 +1,8 @@
/var/lib/ntp(/.*)? system_u:object_r:var_lib_ntp_t
-/etc/ntp.conf system_u:object_r:etc_ntp_t
+/etc/ntp\..* system_u:object_r:etc_ntp_t
+/var/db/ntp\..* system_u:object_r:etc_ntp_t
/usr/sbin/ntpd system_u:object_r:ntpd_exec_t
/var/log/ntpstats(/.*)? system_u:object_r:var_log_ntp_t
/var/log/ntpd system_u:object_r:var_log_ntp_t
-/etc/cron.(daily|weekly)/ntp-simple system_u:object_r:ntpd_exec_t
+/var/run/(ntpd\.pid|ntp/.*) system_u:object_r:var_run_ntp_t
+/etc/cron\.(daily|weekly)/ntp-simple system_u:object_r:ntpd_exec_t
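Review bot: `var_run_ntp_t` on the added `/var/run/(ntpd\.pid|ntp/.*)` line is a type that appears nowhere else in this diff, and the change list touches only .fc files. Unless the type is already declared in the ntpd policy source, this context will be invalid when the file contexts are applied, so please confirm it exists or add the declaration in the same change. Separately, `/var/db/ntp\..*` gets etc_ntp_t, the same type as the configuration. If ntpd writes files there (a drift file, presumably), a distinct writable type would avoid granting the daemon write access to its own configuration type.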
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/passwd.fc#2 (text+ko) ====
@@ -1,7 +1,10 @@
# spasswd
/usr/local/selinux/bin/spasswd system_u:object_r:passwd_exec_t
-/usr/bin/spasswd system_u:object_r:passwd_exec_t
+/usr/bin/passwd system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/schsh system_u:object_r:passwd_exec_t
-/usr/bin/schsh system_u:object_r:passwd_exec_t
+/usr/bin/chsh system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/schfn system_u:object_r:passwd_exec_t
-/usr/bin/schfn system_u:object_r:passwd_exec_t
+/usr/bin/chfn system_u:object_r:passwd_exec_t
+/usr/local/selinux/bin/schpass system_u:object_r:passwd_exec_t
+/usr/bin/chpass system_u:object_r:passwd_exec_t
+/usr/bin/yp(passwd|ch.*) system_u:object_r:passwd_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ping.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# ping
-/bin/ping system_u:object_r:ping_exec_t
+/sbin/ping system_u:object_r:ping_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/portmap.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# portmap
-/sbin/portmap system_u:object_r:portmap_exec_t
+/usr/sbin/portmap system_u:object_r:portmap_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/quota.fc#3 (text+ko) ====
@@ -1,3 +1,5 @@
# quota system
/var/lib/quota(/.*)? system_u:object_r:quota_flag_t
-/sbin/quota(check|on) system_u:object_r:quota_exec_t
+/usr/sbin/quota.* system_u:object_r:quota_exec_t
+/usr/bin/quot.* system_u:object_r:quota_exec_t
+quota\.(user|group)$ system_u:object_r:quota_flag_t
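Review bot: `quota\.(user|group)$` has no leading path component, and file_contexts patterns are matched against the full absolute path from its first character, so as written it is unlikely to match any file. If the intent is the quota files at the root of each filesystem, `.*/quota\.(user|group)` expresses that. The trailing `$` is redundant if the matcher already anchors the end of the pattern, as setfiles does on SELinux. `/usr/sbin/quota.*` and `/usr/bin/quot.*` are also broad prefixes that would give quota_exec_t to any binary whose name starts with those letters.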
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/rlogind.fc#2 (text+ko) ====
@@ -1,3 +1,3 @@
# rlogind and telnetd
-/usr/sbin/in.rlogind system_u:object_r:rlogind_exec_t
-/usr/sbin/in.telnetd system_u:object_r:rlogind_exec_t
+/usr/libexec/rlogind system_u:object_r:rlogind_exec_t
+/usr/libexec/telnetd system_u:object_r:rlogind_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/rshd.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# rshd.
-/usr/sbin/in.rshd system_u:object_r:rshd_exec_t
+/usr/libexec/rshd system_u:object_r:rshd_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/sendmail.fc#3 (text+ko) ====
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ssh.fc#2 (text+ko) ====
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/sshd.fc#2 (text+ko) ====
@@ -1,4 +1,5 @@
# sshd
+/etc/ssh/moduli system_u:object_r:sshd_key_t
/etc/ssh/primes system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_key system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_dsa_key system_u:object_r:sshd_key_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/su.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# su
-/bin/su system_u:object_r:su_exec_t
+/usr/bin/su system_u:object_r:su_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/syslogd.fc#2 (text+ko) ====
@@ -3,3 +3,4 @@
/sbin/minilogd system_u:object_r:syslogd_exec_t
/usr/sbin/syslogd system_u:object_r:syslogd_exec_t
/dev/log system_u:object_r:devlog_t
+/var/run/log system_u:object_r:devlog_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/tcpd.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# tcpd
-/usr/sbin/tcpd system_u:object_r:tcpd_exec_t
+/usr/libexec/tcpd system_u:object_r:tcpd_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/tftpd.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# tftpd
-/usr/sbin/in.tftpd system_u:object_r:tftpd_exec_t
+/usr/libexec/tftpd system_u:object_r:tftpd_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/traceroute.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# traceroute
-/usr/bin/traceroute system_u:object_r:traceroute_exec_t
+/usr/sbin/traceroute system_u:object_r:traceroute_exec_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/xdm.fc#3 (text+ko) ====
@@ -1,10 +1,10 @@
# X Display Manager
-/usr/bin/[xgk]dm system_u:object_r:xdm_exec_t
+/usr/(local|X11R6)/bin/[xgk]dm system_u:object_r:xdm_exec_t
/var/[xgk]dm(/.*)? system_u:object_r:xdm_log_t
/usr/var/[xgk]dm(/.*)? system_u:object_r:xdm_log_t
/var/log/kdm.log system_u:object_r:xdm_log_t
# Uncomment if you are running an X Display Manager.
-#/var/log/XFree86.* system_u:object_r:xdm_log_t
-#/tmp/.X11-unix(/.*)? system_u:object_r:xdm_tmp_t
-#/tmp/.X0-lock system_u:object_r:xdm_tmp_t
+/var/log/XFree86.* system_u:object_r:xdm_log_t
+/tmp/.X11-unix(/.*)? system_u:object_r:xdm_tmp_t
+/tmp/.X0-lock system_u:object_r:xdm_tmp_t
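Review bot: The three X entries are now active, but the comment above them still reads `# Uncomment if you are running an X Display Manager.`, so the file now says the opposite of what it does; update or drop that comment. Enabling them unconditionally also means `/tmp/.X11-unix` and the lock file get xdm_tmp_t on hosts where X is started without a display manager, which may not match what the X server's own domain is allowed to create. The dots in `/tmp/.X11-unix(/.*)?` and `/tmp/.X0-lock` are unescaped and match any character, so `\.` would be tighter. Note too that `.X0-lock` covers only display 0.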
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/xfs.fc#3 (text+ko) ====
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ypbind.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# ypbind
-/sbin/ypbind system_u:object_r:ypbind_exec_t
+/usr/sbin/ypbind system_u:object_r:ypbind_exec_t