Date:      Mon, 7 Oct 2002 15:18:29 -0700 (PDT)
From:      Brian Feldman <green@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 18890 for review
Message-ID:  <200210072218.g97MITS3092040@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18890

Change 18890 by green@green_laptop_2 on 2002/10/07 15:18:08

	Correct some pathnames etc. to try to get sebsd policy kicked
	in the pants enough to work.

Affected files ...

.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/apmd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/crontab.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ftpd.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/getty.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ifconfig.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/inetd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/login.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/lpd.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/lpr.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/mail.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/mount.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/named.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ntpd.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/opie.fc#1 add
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/passwd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ping.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/portmap.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/quota.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/rlogind.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/rshd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/sendmail.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ssh.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/sshd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/su.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/syslogd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/tcpd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/tftpd.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/traceroute.fc#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/xdm.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/xfs.fc#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ypbind.fc#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/apmd.fc#2 (text+ko) ====

@@ -1,4 +1,4 @@
 # apmd
 /dev/apm_bios			system_u:object_r:apm_bios_t
 /usr/sbin/apmd			system_u:object_r:apmd_exec_t
-/usr/bin/apm			system_u:object_r:apm_exec_t
+/usr/sbin/apm			system_u:object_r:apm_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/crontab.fc#2 (text+ko) ====


==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ftpd.fc#3 (text+ko) ====

@@ -1,8 +1,5 @@
 # ftpd
-/usr/sbin/in.ftpd		system_u:object_r:ftpd_exec_t
-/usr/sbin/proftpd		system_u:object_r:ftpd_exec_t
-/usr/sbin/muddleftpd		system_u:object_r:ftpd_exec_t
-/usr/sbin/ftpwho		system_u:object_r:ftpd_exec_t
-/etc/proftpd.conf		system_u:object_r:etc_ftpd_t
-/var/run/proftpd/proftpd-inetd	system_u:object_r:ftpd_var_run_t
-/var/log/muddleftpd.log.*	system_u:object_r:xferlog_t
+/usr/libexec/(lukem)?ftpd	system_u:object_r:ftpd_exec_t
+/etc/ftp*			system_u:object_r:etc_ftpd_t
+/var/run/ftpd.pid-.*		system_u:object_r:ftpd_var_run_t
+/var/log/ftpd(\..*)?		system_u:object_r:xferlog_t
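Review bot: `/etc/ftp*` on the second added line is written like a shell glob, but the neighbouring entries are regular expressions (`(lukem)?`, `(\..*)?`), so `p*` means "zero or more p" and the pattern would not cover names such as `/etc/ftpusers`. `/etc/ftp.*` looks like the intended form; as written those files would keep whatever default type `/etc` receives instead of `etc_ftpd_t`. The same glob-style star appears in mount.fc (`/sbin/mount*`, which would miss the `mount_*` helpers the star presumably targets) and in the commented-out `#/dev/u?lpt*` line in lpd.fc; `/sbin/mount.*` and `/dev/u?lpt.*` are the regex equivalents. The dot in `/var/run/ftpd.pid-.*` could also be escaped as `ftpd\.pid-.*` to match the escaping used on the `xferlog_t` line.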

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/getty.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # getty
-/sbin/.*getty			system_u:object_r:getty_exec_t
+/usr/libexec/getty			system_u:object_r:getty_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ifconfig.fc#2 (text+ko) ====


==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/inetd.fc#2 (text+ko) ====

@@ -1,6 +1,3 @@
 # inetd
 /usr/sbin/inetd			system_u:object_r:inetd_exec_t
-/usr/sbin/xinetd		system_u:object_r:inetd_exec_t
-/usr/sbin/rlinetd		system_u:object_r:inetd_exec_t
-/usr/sbin/identd		system_u:object_r:inetd_child_exec_t
-/usr/sbin/in\..*d		system_u:object_r:inetd_child_exec_t
+(/usr/libexec/(.*ftpd|telnetd|rshd|rlogind|fingerd|rexecd|comsat|ntalkd|tftpd|bootpd|rshd|kipd|rpc\..*d)|/usr/bin/cvs)		system_u:object_r:inetd_child_exec_t
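Review bot: The new `inetd_child_exec_t` alternation covers paths that other files in this same change label differently: `/usr/libexec/(lukem)?ftpd` is `ftpd_exec_t` in ftpd.fc, `rlogind` and `telnetd` are `rlogind_exec_t`, `rshd` is `rshd_exec_t` and `tftpd` is `tftpd_exec_t`. Which label a binary ends up with then depends on the labeling tool's match-precedence rule and on the order in which the .fc files are concatenated, neither of which is visible here, so a daemon could silently receive the generic inetd-child type instead of its own. Removing the daemons that already have a dedicated .fc entry from this alternation would resolve the ambiguity; `rshd` is also listed twice. `/usr/bin/cvs` carries this type for interactive use as well as for the inetd-launched case, so a comment line stating that this is intended would help the next reader.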

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#2 (text+ko) ====


==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/login.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # login
-/bin/login			system_u:object_r:login_exec_t
+/usr/bin/login			system_u:object_r:login_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/lpd.fc#3 (text+ko) ====

@@ -1,6 +1,6 @@
 # lpd
 /dev/printer			system_u:object_r:printer_t
+#/dev/u?lpt*			system_u:object_r:printer_t
 /usr/sbin/lpd			system_u:object_r:lpd_exec_t
-/usr/sbin/checkpc		system_u:object_r:checkpc_exec_t
 /var/spool/lpd(/.*)?		system_u:object_r:lpd_spool_t
 /usr/share/printconf/.*		system_u:object_r:printconf_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/lpr.fc#2 (text+ko) ====

@@ -1,4 +1,6 @@
 # lp utilities.
+/usr/bin/lp			system_u:object_r:lpr_exec_t
 /usr/bin/lpr			system_u:object_r:lpr_exec_t
 /usr/bin/lpq			system_u:object_r:lpr_exec_t
 /usr/bin/lprm			system_u:object_r:lpr_exec_t
+/usr/sbin/lpc			system_u:object_r:lpr_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/mail.fc#2 (text+ko) ====


==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/mount.fc#2 (text+ko) ====

@@ -1,3 +1,3 @@
 # mount
-/bin/mount 	                system_u:object_r:mount_exec_t
-/bin/umount                     system_u:object_r:mount_exec_t
+/sbin/mount* 	                system_u:object_r:mount_exec_t
+/sbin/umount                    system_u:object_r:mount_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/named.fc#3 (text+ko) ====

@@ -1,10 +1,9 @@
 # named
 /var/named(/.*)?      		system_u:object_r:named_conf_t
-/etc/named.conf       		system_u:object_r:named_conf_t
-/etc/bind(/.*)?			system_u:object_r:named_zone_t
-/etc/bind/named.conf		system_u:object_r:named_conf_t
+/etc/namedb(/.*)?		system_u:object_r:named_zone_t
+/etc/namedb/named.conf		system_u:object_r:named_conf_t
 /usr/sbin/named.*      		system_u:object_r:named_exec_t
 /usr/sbin/ndc			system_u:object_r:ndc_exec_t
 /var/cache/bind(/.*)?		system_u:object_r:named_cache_t
-/var/run/ndc			system_u:object_r:var_run_named_t
+/var/run/named.*		system_u:object_r:var_run_named_t
 /usr/sbin/lwresd		system_u:object_r:named_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ntpd.fc#3 (text+ko) ====

@@ -1,6 +1,8 @@
 /var/lib/ntp(/.*)?              system_u:object_r:var_lib_ntp_t
-/etc/ntp.conf                   system_u:object_r:etc_ntp_t
+/etc/ntp\..*                    system_u:object_r:etc_ntp_t
+/var/db/ntp\..*			system_u:object_r:etc_ntp_t
 /usr/sbin/ntpd                  system_u:object_r:ntpd_exec_t
 /var/log/ntpstats(/.*)?         system_u:object_r:var_log_ntp_t
 /var/log/ntpd                   system_u:object_r:var_log_ntp_t
-/etc/cron.(daily|weekly)/ntp-simple system_u:object_r:ntpd_exec_t
+/var/run/(ntpd\.pid|ntp/.*)	system_u:object_r:var_run_ntp_t
+/etc/cron\.(daily|weekly)/ntp-simple system_u:object_r:ntpd_exec_t
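Review bot: `var_run_ntp_t` on the `/var/run/(ntpd\.pid|ntp/.*)` line appears nowhere else on this page, and the affected-files list contains only file_contexts files, so unless the type is already declared in the ntpd policy module this entry refers to an undefined type. Separately, `/var/db/ntp\..*` is given `etc_ntp_t`; if that path holds state the daemon rewrites (presumably a drift file), the policy would have to let ntpd write to its own configuration type. Reusing the existing state type, `/var/db/ntp\..*  system_u:object_r:var_lib_ntp_t`, would keep the files under `/etc/ntp\..*` read-only to the daemon.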

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/passwd.fc#2 (text+ko) ====

@@ -1,7 +1,10 @@
 # spasswd
 /usr/local/selinux/bin/spasswd	system_u:object_r:passwd_exec_t
-/usr/bin/spasswd		system_u:object_r:passwd_exec_t
+/usr/bin/passwd			system_u:object_r:passwd_exec_t
 /usr/local/selinux/bin/schsh	system_u:object_r:passwd_exec_t
-/usr/bin/schsh			system_u:object_r:passwd_exec_t
+/usr/bin/chsh			system_u:object_r:passwd_exec_t
 /usr/local/selinux/bin/schfn	system_u:object_r:passwd_exec_t
-/usr/bin/schfn			system_u:object_r:passwd_exec_t
+/usr/bin/chfn			system_u:object_r:passwd_exec_t
+/usr/local/selinux/bin/schpass	system_u:object_r:passwd_exec_t
+/usr/bin/chpass			system_u:object_r:passwd_exec_t
+/usr/bin/yp(passwd|ch.*)	system_u:object_r:passwd_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ping.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # ping
-/bin/ping 			system_u:object_r:ping_exec_t
+/sbin/ping 			system_u:object_r:ping_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/portmap.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # portmap
-/sbin/portmap			system_u:object_r:portmap_exec_t
+/usr/sbin/portmap		system_u:object_r:portmap_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/quota.fc#3 (text+ko) ====

@@ -1,3 +1,5 @@
 # quota system
 /var/lib/quota(/.*)?		system_u:object_r:quota_flag_t
-/sbin/quota(check|on)		system_u:object_r:quota_exec_t
+/usr/sbin/quota.*		system_u:object_r:quota_exec_t
+/usr/bin/quot.*			system_u:object_r:quota_exec_t
+quota\.(user|group)$		system_u:object_r:quota_flag_t
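Review bot: `quota\.(user|group)$` has no leading path component, unlike every other entry in these files, and carries an explicit `$`; if the matcher anchors each pattern to the full pathname (as SELinux setfiles does), this line can never match a real file and the per-filesystem quota files would not receive `quota_flag_t`. Under that assumption `.*/quota\.(user|group)` would match them at any mount point. `/usr/bin/quot.*` is also broad, since it labels every binary in /usr/bin whose name begins with `quot`; listing the intended names explicitly, e.g. `/usr/bin/quota`, is tighter for an executable type that likely drives a domain transition.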

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/rlogind.fc#2 (text+ko) ====

@@ -1,3 +1,3 @@
 # rlogind and telnetd
-/usr/sbin/in.rlogind		system_u:object_r:rlogind_exec_t
-/usr/sbin/in.telnetd		system_u:object_r:rlogind_exec_t
+/usr/libexec/rlogind		system_u:object_r:rlogind_exec_t
+/usr/libexec/telnetd		system_u:object_r:rlogind_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/rshd.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # rshd.
-/usr/sbin/in.rshd		system_u:object_r:rshd_exec_t
+/usr/libexec/rshd		system_u:object_r:rshd_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/sendmail.fc#3 (text+ko) ====


==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ssh.fc#2 (text+ko) ====


==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/sshd.fc#2 (text+ko) ====

@@ -1,4 +1,5 @@
 # sshd
+/etc/ssh/moduli                 system_u:object_r:sshd_key_t
 /etc/ssh/primes                 system_u:object_r:sshd_key_t
 /etc/ssh/ssh_host_key 		system_u:object_r:sshd_key_t
 /etc/ssh/ssh_host_dsa_key       system_u:object_r:sshd_key_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/su.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # su
-/bin/su				system_u:object_r:su_exec_t
+/usr/bin/su				system_u:object_r:su_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/syslogd.fc#2 (text+ko) ====

@@ -3,3 +3,4 @@
 /sbin/minilogd			system_u:object_r:syslogd_exec_t
 /usr/sbin/syslogd		system_u:object_r:syslogd_exec_t
 /dev/log			system_u:object_r:devlog_t
+/var/run/log			system_u:object_r:devlog_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/tcpd.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # tcpd
-/usr/sbin/tcpd			system_u:object_r:tcpd_exec_t
+/usr/libexec/tcpd		system_u:object_r:tcpd_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/tftpd.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # tftpd
-/usr/sbin/in.tftpd		system_u:object_r:tftpd_exec_t
+/usr/libexec/tftpd		system_u:object_r:tftpd_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/traceroute.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # traceroute
-/usr/bin/traceroute		system_u:object_r:traceroute_exec_t
+/usr/sbin/traceroute		system_u:object_r:traceroute_exec_t

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/xdm.fc#3 (text+ko) ====

@@ -1,10 +1,10 @@
 # X Display Manager
-/usr/bin/[xgk]dm                system_u:object_r:xdm_exec_t
+/usr/(local|X11R6)/bin/[xgk]dm  system_u:object_r:xdm_exec_t
 /var/[xgk]dm(/.*)?              system_u:object_r:xdm_log_t
 /usr/var/[xgk]dm(/.*)?          system_u:object_r:xdm_log_t
 /var/log/kdm.log		system_u:object_r:xdm_log_t
 # Uncomment if you are running an X Display Manager.
-#/var/log/XFree86.*		system_u:object_r:xdm_log_t
-#/tmp/.X11-unix(/.*)?            system_u:object_r:xdm_tmp_t
-#/tmp/.X0-lock                   system_u:object_r:xdm_tmp_t
+/var/log/XFree86.*		system_u:object_r:xdm_log_t
+/tmp/.X11-unix(/.*)?           system_u:object_r:xdm_tmp_t
+/tmp/.X0-lock                  system_u:object_r:xdm_tmp_t
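Review bot: The three X entries are now active, but the context line `# Uncomment if you are running an X Display Manager.` directly above them is left in place and no longer describes the file; it should be dropped or reworded, e.g. `# X server log, socket directory and lock file.` The dots in `/tmp/.X11-unix(/.*)?` and `/tmp/.X0-lock` are unescaped, so each matches any character at that position. Because `/tmp` is world-writable, writing them as `/tmp/\.X11-unix(/.*)?` and `/tmp/\.X0-lock` keeps `xdm_tmp_t` from being applied to look-alike names during a relabel.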
 

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/xfs.fc#3 (text+ko) ====


==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ypbind.fc#2 (text+ko) ====

@@ -1,2 +1,2 @@
 # ypbind
-/sbin/ypbind			system_u:object_r:ypbind_exec_t
+/usr/sbin/ypbind		system_u:object_r:ypbind_exec_t
