From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 9E91D13832F for ; Sat, 13 Aug 2016 18:32:39 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2301B21C1EE; Sat, 13 Aug 2016 18:32:12 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1877121C1BB for ; Sat, 13 Aug 2016 18:32:06 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 252AE340CCC for ; Sat, 13 Aug 2016 18:32:05 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 4BFD72464 for ; Sat, 13 Aug 2016 18:32:01 +0000 (UTC)
From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1471112583.89d1ba7ab8b4bd7188379b36d18464a912491e55.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/apache.fc policy/modules/contrib/apache.te policy/modules/contrib/apcupsd.fc policy/modules/contrib/apcupsd.te policy/modules/contrib/apm.fc policy/modules/contrib/apm.te policy/modules/contrib/arpwatch.fc policy/modules/contrib/arpwatch.te policy/modules/contrib/automount.fc policy/modules/contrib/automount.te policy/modules/contrib/avahi.fc policy/modules/contrib/avahi.te policy/modules/contrib/bind.fc policy/modules/contrib/bind.te policy/modules/contrib/clamav.fc policy/modules/contrib/clamav.te policy/modules/contrib/consolekit.fc policy/modules/contrib/consolekit.te policy/modules/contrib/cron.fc policy/modules/contrib/cron.te policy/modules/contrib/cups.fc policy/modules/contrib/cups.te policy/modules/contrib/dhcp.fc policy/modules/contrib/dhcp.te policy/modules/contrib/ftp.fc policy/modules/contrib/ftp.te policy/modules/contrib/kdump.fc policy/modules/contrib/kdump.te policy/modules/contrib/ldap.fc policy/modules/contrib/ldap.te policy/modules/contrib/mysql.fc policy/modules/contrib/mysql.te policy/modules/contrib/nis.fc policy/modules/contrib/nis.te policy/modules/contrib/nscd.te policy/modules/contrib/ntp.fc policy/modules/contrib/ppp.fc policy/modules/contrib/ppp.te policy/modules/contrib/rpc.fc policy/modules/contrib/rpc.te policy/modules/contrib/samba.fc policy/modules/contrib/samba.te policy/modules/contrib/tor.fc policy/modules/contrib/tor.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 89d1ba7ab8b4bd7188379b36d18464a912491e55
X-VCS-Branch: master
Date: Sat, 13 Aug 2016 18:32:01 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 8bd6b92b-e2e3-4ae3-9b53-0a01e5c4e38d
X-Archives-Hash: e3110011b9df3eda70a222486ff1e9cd

commit: 89d1ba7ab8b4bd7188379b36d18464a912491e55
Author: Chris PeBenito ieee org>
AuthorDate: Sat Aug 6 23:13:32 2016 +0000
Commit: Jason Zaman gentoo org>
CommitDate: Sat Aug 13 18:23:03 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=89d1ba7a

Systemd units from Russell Coker.

 policy/modules/contrib/apache.fc | 2 ++
 policy/modules/contrib/apache.te | 5 ++++-
 policy/modules/contrib/apcupsd.fc | 2 ++
 policy/modules/contrib/apcupsd.te | 5 ++++-
 policy/modules/contrib/apm.fc | 2 ++
 policy/modules/contrib/apm.te | 5 ++++-
 policy/modules/contrib/arpwatch.fc | 2 ++
 policy/modules/contrib/arpwatch.te | 5 ++++-
 policy/modules/contrib/automount.fc | 2 ++
 policy/modules/contrib/automount.te | 5 ++++-
 policy/modules/contrib/avahi.fc | 2 ++
 policy/modules/contrib/avahi.te | 5 ++++-
 policy/modules/contrib/bind.fc | 3 +++
 policy/modules/contrib/bind.te | 5 ++++-
 policy/modules/contrib/clamav.fc | 2 ++
 policy/modules/contrib/clamav.te | 5 ++++-
 policy/modules/contrib/consolekit.fc | 2 ++
 policy/modules/contrib/consolekit.te | 5 ++++-
 policy/modules/contrib/cron.fc | 3 +++
 policy/modules/contrib/cron.te | 5 ++++-
 policy/modules/contrib/cups.fc | 1 +
 policy/modules/contrib/cups.te | 5 ++++-
 policy/modules/contrib/dhcp.fc | 2 ++
 policy/modules/contrib/dhcp.te | 5 ++++-
 policy/modules/contrib/ftp.fc | 3 +++
 policy/modules/contrib/ftp.te | 5 ++++-
 policy/modules/contrib/kdump.fc | 2 ++
 policy/modules/contrib/kdump.te | 2 +-
 policy/modules/contrib/ldap.fc | 1 +
 policy/modules/contrib/ldap.te | 5 ++++-
 policy/modules/contrib/mysql.fc | 2 ++
 policy/modules/contrib/mysql.te | 5 ++++-
 policy/modules/contrib/nis.fc | 5 +++++
 policy/modules/contrib/nis.te | 8 +++++++-
policy/modules/contrib/nscd.te | 5 ++++- policy/modules/contrib/ntp.fc | 1 + policy/modules/contrib/ppp.fc | 2 ++ policy/modules/contrib/ppp.te | 5 ++++- policy/modules/contrib/rpc.fc | 3 +++ policy/modules/contrib/rpc.te | 8 +++++++- policy/modules/contrib/samba.fc | 2 ++ policy/modules/contrib/samba.te | 5 ++++- policy/modules/contrib/tor.fc | 2 ++ policy/modules/contrib/tor.te | 5 ++++- 44 files changed, 139 insertions(+), 22 deletions(-) diff --git a/policy/modules/contrib/apache.fc b/policy/modules/contrib/apache.fc index 96006a0..808cc65 100644 --- a/policy/modules/contrib/apache.fc +++ b/policy/modules/contrib/apache.fc @@ -50,6 +50,8 @@ HOME_DIR/((www)|(web)|(public_html))(/.*)?/logs(/.*)? gen_context(system_u:objec /usr/lib/dirsrv/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) /usr/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) /usr/lib/lighttpd(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) +/usr/lib/systemd/system/httpd.*\.service -- gen_context(system_u:object_r:httpd_unit_t,s0) +/usr/lib/systemd/system/jetty.*\.service -- gen_context(system_u:object_r:httpd_unit_t,s0) /usr/libexec/httpd-ssl-pass-dialog -- gen_context(system_u:object_r:httpd_passwd_exec_t,s0) diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te index d3299a2..e02fcdc 100644 --- a/policy/modules/contrib/apache.te +++ b/policy/modules/contrib/apache.te @@ -1,4 +1,4 @@ -policy_module(apache, 2.10.0) +policy_module(apache, 2.10.1) ######################################## # @@ -327,6 +327,9 @@ files_tmp_file(httpd_tmp_t) type httpd_tmpfs_t; files_tmpfs_file(httpd_tmpfs_t) +type httpd_unit_t; +init_unit_file(httpd_unit_t) + apache_content_template(user) ubac_constrained(httpd_user_script_t) userdom_user_home_content(httpd_user_content_t) diff --git a/policy/modules/contrib/apcupsd.fc b/policy/modules/contrib/apcupsd.fc index 5ec0e13..82d48b1 100644 --- a/policy/modules/contrib/apcupsd.fc 
+++ b/policy/modules/contrib/apcupsd.fc @@ -2,6 +2,8 @@ /sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0) +/usr/lib/systemd/system/apcupsd.*\.service -- gen_context(system_u:object_r:apcupsd_unit_t,s0) + /usr/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0) /var/lock/subsys/apcupsd -- gen_context(system_u:object_r:apcupsd_lock_t,s0) diff --git a/policy/modules/contrib/apcupsd.te b/policy/modules/contrib/apcupsd.te index d5bf5bd..586104d 100644 --- a/policy/modules/contrib/apcupsd.te +++ b/policy/modules/contrib/apcupsd.te @@ -1,4 +1,4 @@ -policy_module(apcupsd, 1.10.0) +policy_module(apcupsd, 1.10.1) ######################################## # @@ -21,6 +21,9 @@ logging_log_file(apcupsd_log_t) type apcupsd_tmp_t; files_tmp_file(apcupsd_tmp_t) +type apcupsd_unit_t; +init_unit_file(apcupsd_unit_t) + type apcupsd_var_run_t; files_pid_file(apcupsd_var_run_t) diff --git a/policy/modules/contrib/apm.fc b/policy/modules/contrib/apm.fc index ce27d2f..0b5cf18 100644 --- a/policy/modules/contrib/apm.fc +++ b/policy/modules/contrib/apm.fc @@ -2,6 +2,8 @@ /usr/bin/apm -- gen_context(system_u:object_r:apm_exec_t,s0) +/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:apmd_unit_t,s0) + /usr/sbin/acpid -- gen_context(system_u:object_r:apmd_exec_t,s0) /usr/sbin/apmd -- gen_context(system_u:object_r:apmd_exec_t,s0) /usr/sbin/powersaved -- gen_context(system_u:object_r:apmd_exec_t,s0) diff --git a/policy/modules/contrib/apm.te b/policy/modules/contrib/apm.te index d6344dc..3acc764 100644 --- a/policy/modules/contrib/apm.te +++ b/policy/modules/contrib/apm.te @@ -1,4 +1,4 @@ -policy_module(apm, 1.14.0) +policy_module(apm, 1.14.1) ######################################## # @@ -29,6 +29,9 @@ logging_log_file(apmd_log_t) type apmd_tmp_t; files_tmp_file(apmd_tmp_t) +type apmd_unit_t; +init_unit_file(apmd_unit_t) + type apmd_var_lib_t; files_type(apmd_var_lib_t) 
diff --git a/policy/modules/contrib/arpwatch.fc b/policy/modules/contrib/arpwatch.fc index 9ca0d0f..59498be 100644 --- a/policy/modules/contrib/arpwatch.fc +++ b/policy/modules/contrib/arpwatch.fc @@ -1,5 +1,7 @@ /etc/rc\.d/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0) +/usr/lib/systemd/system/arpwatch.*\.service -- gen_context(system_u:object_r:arpwatch_unit_t,s0) + /usr/sbin/arpwatch -- gen_context(system_u:object_r:arpwatch_exec_t,s0) /var/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0) diff --git a/policy/modules/contrib/arpwatch.te b/policy/modules/contrib/arpwatch.te index 97ecc55..0cda29a 100644 --- a/policy/modules/contrib/arpwatch.te +++ b/policy/modules/contrib/arpwatch.te @@ -1,4 +1,4 @@ -policy_module(arpwatch, 1.12.0) +policy_module(arpwatch, 1.12.1) ######################################## # @@ -18,6 +18,9 @@ files_type(arpwatch_data_t) type arpwatch_tmp_t; files_tmp_file(arpwatch_tmp_t) +type arpwatch_unit_t; +init_unit_file(arpwatch_unit_t) + type arpwatch_var_run_t; files_pid_file(arpwatch_var_run_t) diff --git a/policy/modules/contrib/automount.fc b/policy/modules/contrib/automount.fc index 92adb37..989c10e 100644 --- a/policy/modules/contrib/automount.fc +++ b/policy/modules/contrib/automount.fc @@ -1,6 +1,8 @@ /etc/apm/event\.d/autofs -- gen_context(system_u:object_r:automount_exec_t,s0) /etc/rc\.d/init\.d/autofs -- gen_context(system_u:object_r:automount_initrc_exec_t,s0) +/usr/lib/systemd/system/autofs.*\.service -- gen_context(system_u:object_r:automount_unit_t,s0) + /usr/sbin/automount -- gen_context(system_u:object_r:automount_exec_t,s0) /var/lock/subsys/autofs -- gen_context(system_u:object_r:automount_lock_t,s0) diff --git a/policy/modules/contrib/automount.te b/policy/modules/contrib/automount.te index be5adee..2f5852e 100644 --- a/policy/modules/contrib/automount.te +++ b/policy/modules/contrib/automount.te 
@@ -1,4 +1,4 @@ -policy_module(automount, 1.16.0) +policy_module(automount, 1.16.1) ######################################## # @@ -22,6 +22,9 @@ type automount_tmp_t; files_tmp_file(automount_tmp_t) files_mountpoint(automount_tmp_t) +type automount_unit_t; +init_unit_file(automount_unit_t) + type automount_var_run_t; files_pid_file(automount_var_run_t) diff --git a/policy/modules/contrib/avahi.fc b/policy/modules/contrib/avahi.fc index e9fe2ca..f6604ae 100644 --- a/policy/modules/contrib/avahi.fc +++ b/policy/modules/contrib/avahi.fc @@ -1,5 +1,7 @@ /etc/rc\.d/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0) +/usr/lib/systemd/system/avahi.*\.service -- gen_context(system_u:object_r:avahi_unit_t,s0) + /usr/sbin/avahi-daemon -- gen_context(system_u:object_r:avahi_exec_t,s0) /usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0) /usr/sbin/avahi-autoipd -- gen_context(system_u:object_r:avahi_exec_t,s0) diff --git a/policy/modules/contrib/avahi.te b/policy/modules/contrib/avahi.te index 461cef0..40cba10 100644 --- a/policy/modules/contrib/avahi.te +++ b/policy/modules/contrib/avahi.te @@ -1,4 +1,4 @@ -policy_module(avahi, 1.16.0) +policy_module(avahi, 1.16.1) ######################################## # @@ -13,6 +13,9 @@ init_named_socket_activation(avahi_t, avahi_var_run_t) type avahi_initrc_exec_t; init_script_file(avahi_initrc_exec_t) +type avahi_unit_t; +init_unit_file(avahi_unit_t) + type avahi_var_lib_t; files_pid_file(avahi_var_lib_t) diff --git a/policy/modules/contrib/bind.fc b/policy/modules/contrib/bind.fc index 2b9a3a1..d0c6d58 100644 --- a/policy/modules/contrib/bind.fc +++ b/policy/modules/contrib/bind.fc 
@@ -14,6 +14,9 @@ /etc/unbound(/.*)? gen_context(system_u:object_r:named_conf_t,s0) /etc/unbound/.*\.key -- gen_context(system_u:object_r:dnssec_t,s0) +/usr/lib/systemd/system/named.*\.service -- gen_context(system_u:object_r:named_unit_t,s0) +/usr/lib/systemd/system/unbound.*\.service -- gen_context(system_u:object_r:named_unit_t,s0) + /usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0) /usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0) /usr/sbin/named-checkconf -- gen_context(system_u:object_r:named_checkconf_exec_t,s0) diff --git a/policy/modules/contrib/bind.te b/policy/modules/contrib/bind.te index 0683298..e3072c7 100644 --- a/policy/modules/contrib/bind.te +++ b/policy/modules/contrib/bind.te @@ -1,4 +1,4 @@ -policy_module(bind, 1.16.1) +policy_module(bind, 1.16.2) ######################################## # @@ -53,6 +53,9 @@ logging_log_file(named_log_t) type named_tmp_t; files_tmp_file(named_tmp_t) +type named_unit_t; +init_unit_file(named_unit_t) + type named_var_run_t; files_pid_file(named_var_run_t) init_daemon_pid_file(named_var_run_t, dir, "named") diff --git a/policy/modules/contrib/clamav.fc b/policy/modules/contrib/clamav.fc index d72afcc..f12497d 100644 --- a/policy/modules/contrib/clamav.fc +++ b/policy/modules/contrib/clamav.fc @@ -6,6 +6,8 @@ /usr/bin/clamdscan -- gen_context(system_u:object_r:clamscan_exec_t,s0) /usr/bin/freshclam -- gen_context(system_u:object_r:freshclam_exec_t,s0) +/usr/lib/systemd/system/clamd.*\.service -- gen_context(system_u:object_r:clamd_unit_t,s0) + /usr/sbin/clamd -- gen_context(system_u:object_r:clamd_exec_t,s0) /usr/sbin/clamav-milter -- gen_context(system_u:object_r:clamd_exec_t,s0) diff --git a/policy/modules/contrib/clamav.te b/policy/modules/contrib/clamav.te index c157b65..d733ffb 100644 --- a/policy/modules/contrib/clamav.te +++ b/policy/modules/contrib/clamav.te @@ -1,4 +1,4 @@ -policy_module(clamav, 1.12.0) +policy_module(clamav, 1.12.1) ## ##

@@ -41,6 +41,9 @@ init_script_file(clamd_initrc_exec_t) type clamd_tmp_t; files_tmp_file(clamd_tmp_t) +type clamd_unit_t; +init_unit_file(clamd_unit_t) + type clamd_var_log_t; logging_log_file(clamd_var_log_t) diff --git a/policy/modules/contrib/consolekit.fc b/policy/modules/contrib/consolekit.fc index 0ce1e53..3ce852a 100644 --- a/policy/modules/contrib/consolekit.fc +++ b/policy/modules/contrib/consolekit.fc @@ -1,3 +1,5 @@ +/usr/lib/systemd/system/console-kit.*\.service -- gen_context(system_u:object_r:consolekit_unit_t,s0) + /usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0) /var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0) diff --git a/policy/modules/contrib/consolekit.te b/policy/modules/contrib/consolekit.te index a3fd0bf..80c18fa 100644 --- a/policy/modules/contrib/consolekit.te +++ b/policy/modules/contrib/consolekit.te @@ -1,4 +1,4 @@ -policy_module(consolekit, 1.10.1) +policy_module(consolekit, 1.10.2) ######################################## # @@ -15,6 +15,9 @@ logging_log_file(consolekit_log_t) type consolekit_tmpfs_t; files_tmpfs_file(consolekit_tmpfs_t) +type consolekit_unit_t; +init_unit_file(consolekit_unit_t) + type consolekit_var_run_t; files_pid_file(consolekit_var_run_t) init_daemon_pid_file(consolekit_var_run_t, dir, "ConsoleKit") diff --git a/policy/modules/contrib/cron.fc b/policy/modules/contrib/cron.fc index cbb19b7..21ca917 100644 --- a/policy/modules/contrib/cron.fc +++ b/policy/modules/contrib/cron.fc @@ -6,6 +6,9 @@ /usr/bin/(f)?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0) +/usr/lib/systemd/system/atd.*\.service -- gen_context(system_u:object_r:crond_unit_t,s0) +/usr/lib/systemd/system/crond.*\.service -- gen_context(system_u:object_r:crond_unit_t,s0) + /usr/libexec/fcron -- gen_context(system_u:object_r:crond_exec_t,s0) /usr/libexec/fcronsighup -- gen_context(system_u:object_r:crontab_exec_t,s0) 
diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te index d26bdb2..0125df0 100644 --- a/policy/modules/contrib/cron.te +++ b/policy/modules/contrib/cron.te @@ -1,4 +1,4 @@ -policy_module(cron, 2.9.1) +policy_module(cron, 2.9.2) gen_require(` class passwd rootok; @@ -76,6 +76,9 @@ files_tmp_file(crond_tmp_t) files_poly_parent(crond_tmp_t) mta_system_content(crond_tmp_t) +type crond_unit_t; +init_unit_file(crond_unit_t) + type crond_var_run_t; files_pid_file(crond_var_run_t) mta_system_content(crond_var_run_t) diff --git a/policy/modules/contrib/cups.fc b/policy/modules/contrib/cups.fc index 949011e..ecea069 100644 --- a/policy/modules/contrib/cups.fc +++ b/policy/modules/contrib/cups.fc @@ -34,6 +34,7 @@ /usr/lib/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0) /usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0) /usr/lib/cups/backend/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0) +/usr/lib/systemd/system/cups.*\.service -- gen_context(system_u:object_r:cupsd_unit_t,s0) /usr/lib/udev/udev-configure-printer -- gen_context(system_u:object_r:cupsd_config_exec_t,s0) /usr/libexec/cups-pk-helper-mechanism -- gen_context(system_u:object_r:cupsd_config_exec_t,s0) diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te index 1edccbe..6fd2ee5 100644 --- a/policy/modules/contrib/cups.te +++ b/policy/modules/contrib/cups.te @@ -1,4 +1,4 @@ -policy_module(cups, 1.19.0) +policy_module(cups, 1.19.1) ######################################## # @@ -58,6 +58,9 @@ files_tmp_file(cups_pdf_tmp_t) type cupsd_tmp_t; files_tmp_file(cupsd_tmp_t) +type cupsd_unit_t; +init_unit_file(cupsd_unit_t) + type cupsd_var_run_t; files_pid_file(cupsd_var_run_t) init_daemon_pid_file(cupsd_var_run_t, dir, "cups") diff --git a/policy/modules/contrib/dhcp.fc b/policy/modules/contrib/dhcp.fc index 8182c48..bf65642 100644 --- a/policy/modules/contrib/dhcp.fc +++ b/policy/modules/contrib/dhcp.fc 
@@ -1,5 +1,7 @@ /etc/rc\.d/init\.d/dhcpd(6)? -- gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0) +/usr/lib/systemd/system/dhcpcd.*\.service -- gen_context(system_u:object_r:dhcpd_unit_t,s0) + /usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0) /var/lib/dhcpd(/.*)? gen_context(system_u:object_r:dhcpd_state_t,s0) diff --git a/policy/modules/contrib/dhcp.te b/policy/modules/contrib/dhcp.te index 2d64a81..927e1d9 100644 --- a/policy/modules/contrib/dhcp.te +++ b/policy/modules/contrib/dhcp.te @@ -1,4 +1,4 @@ -policy_module(dhcp, 1.12.0) +policy_module(dhcp, 1.12.1) ######################################## # @@ -26,6 +26,9 @@ files_type(dhcpd_state_t) type dhcpd_tmp_t; files_tmp_file(dhcpd_tmp_t) +type dhcpd_unit_t; +init_unit_file(dhcpd_unit_t) + type dhcpd_var_run_t; files_pid_file(dhcpd_var_run_t) diff --git a/policy/modules/contrib/ftp.fc b/policy/modules/contrib/ftp.fc index fa132af..366809a 100644 --- a/policy/modules/contrib/ftp.fc +++ b/policy/modules/contrib/ftp.fc @@ -9,6 +9,9 @@ /usr/kerberos/sbin/ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) +/usr/lib/systemd/system/proftpd.*\.service -- gen_context(system_u:object_r:ftpd_unit_t,s0) +/usr/lib/systemd/system/vsftpd.*\.service -- gen_context(system_u:object_r:ftpd_unit_t,s0) + /usr/sbin/ftpwho -- gen_context(system_u:object_r:ftpd_exec_t,s0) /usr/sbin/in\.ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) /usr/sbin/muddleftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) diff --git a/policy/modules/contrib/ftp.te b/policy/modules/contrib/ftp.te index d143280..8b83ad7 100644 --- a/policy/modules/contrib/ftp.te +++ b/policy/modules/contrib/ftp.te @@ -1,4 +1,4 @@ -policy_module(ftp, 1.18.1) +policy_module(ftp, 1.18.2) ######################################## # @@ -136,6 +136,9 @@ files_tmp_file(ftpd_tmp_t) type ftpd_tmpfs_t; files_tmpfs_file(ftpd_tmpfs_t) +type ftpd_unit_t; +init_unit_file(ftpd_unit_t) + type ftpd_var_run_t; files_pid_file(ftpd_var_run_t) 
diff --git a/policy/modules/contrib/kdump.fc b/policy/modules/contrib/kdump.fc index a49ae4e..d5ec077 100644 --- a/policy/modules/contrib/kdump.fc +++ b/policy/modules/contrib/kdump.fc @@ -6,6 +6,8 @@ /usr/bin/kdumpctl -- gen_context(system_u:object_r:kdumpctl_exec_t,s0) +/usr/lib/systemd/system/kdump.*\.service -- gen_context(system_u:object_r:kdump_unit_t,s0) + /sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0) /sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0) diff --git a/policy/modules/contrib/kdump.te b/policy/modules/contrib/kdump.te index ac37ce9..215a680 100644 --- a/policy/modules/contrib/kdump.te +++ b/policy/modules/contrib/kdump.te @@ -1,4 +1,4 @@ -policy_module(kdump, 1.4.1) +policy_module(kdump, 1.4.2) ####################################### # diff --git a/policy/modules/contrib/ldap.fc b/policy/modules/contrib/ldap.fc index b7e5679..cafa486 100644 --- a/policy/modules/contrib/ldap.fc +++ b/policy/modules/contrib/ldap.fc @@ -8,6 +8,7 @@ /usr/lib/openldap/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) /usr/lib/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) +/usr/lib/systemd/system/slapd.*\.service -- gen_context(system_u:object_r:slapd_unit_t,s0) /var/lib/ldap(/.*)? gen_context(system_u:object_r:slapd_db_t,s0) /var/lib/ldap/replog(/.*)? gen_context(system_u:object_r:slapd_replog_t,s0) diff --git a/policy/modules/contrib/ldap.te b/policy/modules/contrib/ldap.te index 70bc151..5abf625 100644 --- a/policy/modules/contrib/ldap.te +++ b/policy/modules/contrib/ldap.te @@ -1,4 +1,4 @@ -policy_module(ldap, 1.13.0) +policy_module(ldap, 1.13.1) ######################################## # @@ -39,6 +39,9 @@ files_tmp_file(slapd_tmp_t) type slapd_tmpfs_t; files_tmpfs_file(slapd_tmpfs_t) +type slapd_unit_t; +init_unit_file(slapd_unit_t) + type slapd_var_run_t; files_pid_file(slapd_var_run_t) diff --git a/policy/modules/contrib/mysql.fc b/policy/modules/contrib/mysql.fc index 1d258c1..fb9b2d8 100644 
--- a/policy/modules/contrib/mysql.fc +++ b/policy/modules/contrib/mysql.fc @@ -10,6 +10,8 @@ HOME_DIR/\.my\.cnf -- gen_context(system_u:object_r:mysqld_home_t,s0) /usr/bin/mysqld_safe -- gen_context(system_u:object_r:mysqld_safe_exec_t,s0) /usr/bin/mysql_upgrade -- gen_context(system_u:object_r:mysqld_exec_t,s0) +/usr/lib/systemd/system/mysqld.*\.service -- gen_context(system_u:object_r:mysqld_unit_t,s0) + /usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0) /usr/sbin/mysqld(-max)? -- gen_context(system_u:object_r:mysqld_exec_t,s0) diff --git a/policy/modules/contrib/mysql.te b/policy/modules/contrib/mysql.te index 0db8319..455fd81 100644 --- a/policy/modules/contrib/mysql.te +++ b/policy/modules/contrib/mysql.te @@ -1,4 +1,4 @@ -policy_module(mysql, 1.17.0) +policy_module(mysql, 1.17.1) ######################################## # @@ -47,6 +47,9 @@ logging_log_file(mysqld_log_t) type mysqld_tmp_t; files_tmp_file(mysqld_tmp_t) +type mysqld_unit_t; +init_unit_file(mysqld_unit_t) + type mysqlmanagerd_t; type mysqlmanagerd_exec_t; init_daemon_domain(mysqlmanagerd_t, mysqlmanagerd_exec_t) diff --git a/policy/modules/contrib/nis.fc b/policy/modules/contrib/nis.fc index 8aa1bfa..b7f173c 100644 --- a/policy/modules/contrib/nis.fc +++ b/policy/modules/contrib/nis.fc @@ -9,6 +9,11 @@ /usr/lib/yp/ypxfr -- gen_context(system_u:object_r:ypxfr_exec_t,s0) +/usr/lib/systemd/system/ypbind.*\.service -- gen_context(system_u:object_r:ypbind_unit_t,s0) +/usr/lib/systemd/system/yppasswdd.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0) +/usr/lib/systemd/system/ypserv.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0) +/usr/lib/systemd/system/ypxfrd.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0) + /usr/sbin/rpc\.yppasswdd -- gen_context(system_u:object_r:yppasswdd_exec_t,s0) /usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0) /usr/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0) 
diff --git a/policy/modules/contrib/nis.te b/policy/modules/contrib/nis.te index 77c8282..3d3936d 100644 --- a/policy/modules/contrib/nis.te +++ b/policy/modules/contrib/nis.te @@ -1,4 +1,4 @@ -policy_module(nis, 1.13.1) +policy_module(nis, 1.13.2) ######################################## # @@ -10,6 +10,9 @@ attribute_role ypbind_roles; type nis_initrc_exec_t; init_script_file(nis_initrc_exec_t) +type nis_unit_t; +init_unit_file(nis_unit_t) + type var_yp_t; files_type(var_yp_t) @@ -24,6 +27,9 @@ init_script_file(ypbind_initrc_exec_t) type ypbind_tmp_t; files_tmp_file(ypbind_tmp_t) +type ypbind_unit_t; +init_unit_file(ypbind_unit_t) + type ypbind_var_run_t; files_pid_file(ypbind_var_run_t) diff --git a/policy/modules/contrib/nscd.te b/policy/modules/contrib/nscd.te index 998dcdd..4ba589d 100644 --- a/policy/modules/contrib/nscd.te +++ b/policy/modules/contrib/nscd.te @@ -1,4 +1,4 @@ -policy_module(nscd, 1.13.0) +policy_module(nscd, 1.13.1) gen_require(` class nscd all_nscd_perms; @@ -34,6 +34,9 @@ init_script_file(nscd_initrc_exec_t) type nscd_log_t; logging_log_file(nscd_log_t) +type nscd_unit_t; +init_unit_file(nscd_unit_t) + ######################################## # # Local policy diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc index b58ce47..01ae073 100644 --- a/policy/modules/contrib/ntp.fc +++ b/policy/modules/contrib/ntp.fc @@ -13,6 +13,7 @@ # Systemd unit file /usr/lib/systemd/ntp-units\.d/.* -- gen_context(system_u:object_r:ntpd_unit_t,s0) +/usr/lib/systemd/system/ntpd.*\.service -- gen_context(system_u:object_r:ntpd_unit_t,s0) /usr/sbin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0) /usr/sbin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0) diff --git a/policy/modules/contrib/ppp.fc b/policy/modules/contrib/ppp.fc index efcb653..7d13ee9 100644 --- a/policy/modules/contrib/ppp.fc +++ b/policy/modules/contrib/ppp.fc 
@@ -12,6 +12,8 @@ HOME_DIR/\.ppprc -- gen_context(system_u:object_r:ppp_home_t,s0) /sbin/ppp-watch -- gen_context(system_u:object_r:pppd_exec_t,s0) /sbin/pppoe-server -- gen_context(system_u:object_r:pppd_exec_t,s0) +/usr/lib/systemd/system/ppp.*\.service -- gen_context(system_u:object_r:pppd_unit_t,s0) + /usr/sbin/ipppd -- gen_context(system_u:object_r:pppd_exec_t,s0) /usr/sbin/ppp-watch -- gen_context(system_u:object_r:pppd_exec_t,s0) /usr/sbin/pppd -- gen_context(system_u:object_r:pppd_exec_t,s0) diff --git a/policy/modules/contrib/ppp.te b/policy/modules/contrib/ppp.te index 1d3079f..8473117 100644 --- a/policy/modules/contrib/ppp.te +++ b/policy/modules/contrib/ppp.te @@ -1,4 +1,4 @@ -policy_module(ppp, 1.15.0) +policy_module(ppp, 1.15.1) ######################################## # @@ -53,6 +53,9 @@ files_lock_file(pppd_lock_t) type pppd_tmp_t; files_tmp_file(pppd_tmp_t) +type pppd_unit_t; +init_unit_file(pppd_unit_t) + type pppd_var_run_t; files_pid_file(pppd_var_run_t) diff --git a/policy/modules/contrib/rpc.fc b/policy/modules/contrib/rpc.fc index a6fb30c..c00b379 100644 --- a/policy/modules/contrib/rpc.fc +++ b/policy/modules/contrib/rpc.fc @@ -7,6 +7,9 @@ /sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0) /sbin/sm-notify -- gen_context(system_u:object_r:rpcd_exec_t,s0) +/usr/lib/systemd/system/nfs.*\.service -- gen_context(system_u:object_r:nfsd_unit_t,s0) +/usr/lib/systemd/system/rpc.*\.service -- gen_context(system_u:object_r:rpcd_unit_t,s0) + /usr/sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0) /usr/sbin/rpc\.idmapd -- gen_context(system_u:object_r:rpcd_exec_t,s0) /usr/sbin/rpc\.gssd -- gen_context(system_u:object_r:gssd_exec_t,s0) diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te index 8849e92..6703f96 100644 --- a/policy/modules/contrib/rpc.te +++ b/policy/modules/contrib/rpc.te @@ -1,4 +1,4 @@ -policy_module(rpc, 1.17.0) +policy_module(rpc, 1.17.1) ######################################## # 
@@ -52,6 +52,9 @@ rpc_domain_template(rpcd) type rpcd_initrc_exec_t; init_script_file(rpcd_initrc_exec_t) +type rpcd_unit_t; +init_unit_file(rpcd_unit_t) + rpc_domain_template(nfsd) type nfsd_initrc_exec_t; @@ -63,6 +66,9 @@ files_type(nfsd_rw_t) type nfsd_ro_t; files_type(nfsd_ro_t) +type nfsd_unit_t; +init_unit_file(nfsd_unit_t) + type var_lib_nfs_t; files_mountpoint(var_lib_nfs_t) diff --git a/policy/modules/contrib/samba.fc b/policy/modules/contrib/samba.fc index b8b66ff..ef009e0 100644 --- a/policy/modules/contrib/samba.fc +++ b/policy/modules/contrib/samba.fc @@ -14,6 +14,8 @@ /usr/bin/smbmount -- gen_context(system_u:object_r:smbmount_exec_t,s0) /usr/bin/smbmnt -- gen_context(system_u:object_r:smbmount_exec_t,s0) +/usr/lib/systemd/system/smb.*\.service -- gen_context(system_u:object_r:samba_unit_t,s0) + /usr/sbin/swat -- gen_context(system_u:object_r:swat_exec_t,s0) /usr/sbin/nmbd -- gen_context(system_u:object_r:nmbd_exec_t,s0) /usr/sbin/smbd -- gen_context(system_u:object_r:smbd_exec_t,s0) diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te index f6e9be3..602be98 100644 --- a/policy/modules/contrib/samba.te +++ b/policy/modules/contrib/samba.te @@ -1,4 +1,4 @@ -policy_module(samba, 1.18.0) +policy_module(samba, 1.18.1) ################################# # @@ -130,6 +130,9 @@ files_type(samba_secrets_t) type samba_share_t; # customizable files_type(samba_share_t) +type samba_unit_t; +init_unit_file(samba_unit_t) + type samba_var_t; files_type(samba_var_t) diff --git a/policy/modules/contrib/tor.fc b/policy/modules/contrib/tor.fc index dce42ec..cbaaa15 100644 --- a/policy/modules/contrib/tor.fc +++ b/policy/modules/contrib/tor.fc 
@@ -5,6 +5,8 @@ /usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) /usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) +/usr/lib/systemd/system/tor.*\.service -- gen_context(system_u:object_r:tor_unit_t,s0) + /var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) /var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) diff --git a/policy/modules/contrib/tor.te b/policy/modules/contrib/tor.te index 418eb29..3c596d8 100644 --- a/policy/modules/contrib/tor.te +++ b/policy/modules/contrib/tor.te @@ -1,4 +1,4 @@ -policy_module(tor, 1.11.0) +policy_module(tor, 1.11.1) ######################################## # 
@@ -23,6 +23,9 @@ files_config_file(tor_etc_t) type tor_initrc_exec_t; init_script_file(tor_initrc_exec_t) +type tor_unit_t; +init_unit_file(tor_unit_t) + type tor_var_lib_t; files_type(tor_var_lib_t) From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 76D1813832F for ; Sat, 13 Aug 2016 18:35:16 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8CEE721C203; Sat, 13 Aug 2016 18:35:07 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 60BCB21C1FF for ; Sat, 13 Aug 2016 18:35:06 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id E5EB6340CD2 for ; Sat, 13 Aug 2016 18:35:04 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 348812460 for ; Sat, 13 Aug 2016 18:35:01 +0000 (UTC) 
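Review bot: In the dhcp.fc hunk the new pattern names dhcpcd, not dhcpd: `/usr/lib/systemd/system/dhcpcd.*\.service` is given dhcpd_unit_t, while every other entry in that hunk (`/etc/rc\.d/init\.d/dhcpd(6)?`, `/usr/sbin/dhcpd.*`, `/var/lib/dhcpd(/.*)?`) belongs to the server daemon dhcpd. dhcpcd is a DHCP client, so as written the client's unit file receives the server's unit type and a dhcpd*.service unit is not matched by this entry at all. If the server unit was intended, the pattern should read `dhcpd.*\.service`; if the client was intended, it belongs with the client's own types rather than dhcpd_unit_t.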
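Review bot: The kdump.fc hunk labels `/usr/lib/systemd/system/kdump.*\.service` as kdump_unit_t, but the kdump.te hunk only changes `policy_module(kdump, 1.4.1)` to 1.4.2 and, unlike every other module in this commit, adds no `type kdump_unit_t;` / `init_unit_file(kdump_unit_t)` pair. Unless the type is already declared in the part of kdump.te that the diff does not show, the file context refers to a type this commit never defines. Please confirm the existing declaration, or add it next to the .fc entry.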
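Review bot: The nscd.te hunk declares nscd_unit_t with init_unit_file(), but nscd.fc is not among the files this commit touches, so nothing here assigns the new type to any unit file and the nscd unit keeps whatever default label unit files get. Add the matching nscd.fc entry in the same form the other modules use (a `/usr/lib/systemd/system/nscd.*\.service --` line with nscd_unit_t), or state where the label is applied.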
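Review bot: The ntp.fc hunk adds `/usr/lib/systemd/system/ntpd.*\.service` with ntpd_unit_t but ntp.te is not part of the commit, so the ntp module is the only one here whose file contexts change without a policy_module() version bump. For consistency with the other 21 modules in this patch, bump the ntp module version in the same commit.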
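Review bot: Both patterns added in the rpc.fc hunk are bare prefix matches and reach further than the daemons listed around them: `/usr/lib/systemd/system/rpc.*\.service` also matches a unit named rpcbind.service, and `/usr/lib/systemd/system/nfs.*\.service` matches every unit whose name begins with nfs, not only the NFS server. Since the unit file's type is what decides who may manage that unit, an over-broad match silently widens or narrows that access for unrelated services. Consider anchoring the names (for example `rpc-.*\.service`, or listing the intended units explicitly) and adding a short comment on which units nfsd_unit_t and rpcd_unit_t are meant to cover. The same prefix style appears in the ppp.fc, samba.fc and tor.fc hunks and deserves the same check.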
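Review bot: The samba.fc hunk covers only units whose name starts with smb (`/usr/lib/systemd/system/smb.*\.service`), while the context lines of the same hunk list /usr/sbin/nmbd and /usr/sbin/swat as separate daemons of this module. A unit file for nmbd would not match and would stay on the default unit label, so samba_unit_t would apply to only part of the suite. If the type is meant for all Samba daemons, add patterns for the remaining units; if it is meant for smbd alone, a comment saying so would prevent a later reader from assuming full coverage.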
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1471112583.89d1ba7ab8b4bd7188379b36d18464a912491e55.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/apache.fc policy/modules/contrib/apache.te policy/modules/contrib/apcupsd.fc policy/modules/contrib/apcupsd.te policy/modules/contrib/apm.fc policy/modules/contrib/apm.te policy/modules/contrib/arpwatch.fc policy/modules/contrib/arpwatch.te policy/modules/contrib/automount.fc policy/modules/contrib/automount.te policy/modules/contrib/avahi.fc policy/modules/contrib/avahi.te policy/modules/contrib/bind.fc policy/modules/contrib/bind.te policy/modules/contrib/clamav.fc policy/modules/contrib/clamav.te policy/modules/contrib/consolekit.fc policy/modules/contrib/consolekit.te policy/modules/contrib/cron.fc policy/modules/contrib/cron.te policy/modules/contrib/cups.fc policy/modules/contrib/cups.te policy/modules/contrib/dhcp.fc policy/modules/contrib/dhcp.te policy/modules/contrib/ftp.fc policy/modules/contrib/ftp.te policy/modules/contrib/kdump.fc policy/modules/contrib/kdump.te policy/modules/contrib/ldap.fc policy/modules/contrib/ldap.te policy/modules/contrib/mysql.fc policy/modules/contrib/mysql.te policy/modules/contrib/nis.fc policy/modules/contrib/nis.te policy/modules/contrib/nscd.te policy/modules/contrib/ntp.fc policy/modules/contrib/ppp.fc policy/modules/contrib/ppp.te policy/modules/contrib/rpc.fc policy/modules/contrib/rpc.te policy/modules/contrib/samba.fc policy/modules/contrib/samba.te policy/modules/contrib/tor.fc policy/modules/contrib/tor.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 89d1ba7ab8b4bd7188379b36d18464a912491e55 X-VCS-Branch: next Date: 
Sat, 13 Aug 2016 18:35:01 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 4b3a1a0d-2c1c-4892-883b-cf1a06697121 X-Archives-Hash: dc53b27c22900a9a854e1a43c5089677 Message-ID: <20160813183501.EfTuJ0ie4tNiA2xRBBcM2dKDVfJR_HGpOwomHk6cYiM@z> commit: 89d1ba7ab8b4bd7188379b36d18464a912491e55 Author: Chris PeBenito ieee org> AuthorDate: Sat Aug 6 23:13:32 2016 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sat Aug 13 18:23:03 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=89d1ba7a Systemd units from Russell Coker. policy/modules/contrib/apache.fc | 2 ++ policy/modules/contrib/apache.te | 5 ++++- policy/modules/contrib/apcupsd.fc | 2 ++ policy/modules/contrib/apcupsd.te | 5 ++++- policy/modules/contrib/apm.fc | 2 ++ policy/modules/contrib/apm.te | 5 ++++- policy/modules/contrib/arpwatch.fc | 2 ++ policy/modules/contrib/arpwatch.te | 5 ++++- policy/modules/contrib/automount.fc | 2 ++ policy/modules/contrib/automount.te | 5 ++++- policy/modules/contrib/avahi.fc | 2 ++ policy/modules/contrib/avahi.te | 5 ++++- policy/modules/contrib/bind.fc | 3 +++ policy/modules/contrib/bind.te | 5 ++++- policy/modules/contrib/clamav.fc | 2 ++ policy/modules/contrib/clamav.te | 5 ++++- policy/modules/contrib/consolekit.fc | 2 ++ policy/modules/contrib/consolekit.te | 5 ++++- policy/modules/contrib/cron.fc | 3 +++ policy/modules/contrib/cron.te | 5 ++++- policy/modules/contrib/cups.fc | 1 + policy/modules/contrib/cups.te | 5 ++++- policy/modules/contrib/dhcp.fc | 2 ++ policy/modules/contrib/dhcp.te | 5 ++++- policy/modules/contrib/ftp.fc | 3 +++ policy/modules/contrib/ftp.te | 5 ++++- policy/modules/contrib/kdump.fc | 2 ++ policy/modules/contrib/kdump.te | 2 +- policy/modules/contrib/ldap.fc | 1 + policy/modules/contrib/ldap.te | 5 ++++- policy/modules/contrib/mysql.fc | 2 ++ policy/modules/contrib/mysql.te | 5 ++++- 
policy/modules/contrib/nis.fc | 5 +++++ policy/modules/contrib/nis.te | 8 +++++++- policy/modules/contrib/nscd.te | 5 ++++- policy/modules/contrib/ntp.fc | 1 + policy/modules/contrib/ppp.fc | 2 ++ policy/modules/contrib/ppp.te | 5 ++++- policy/modules/contrib/rpc.fc | 3 +++ policy/modules/contrib/rpc.te | 8 +++++++- policy/modules/contrib/samba.fc | 2 ++ policy/modules/contrib/samba.te | 5 ++++- policy/modules/contrib/tor.fc | 2 ++ policy/modules/contrib/tor.te | 5 ++++- 44 files changed, 139 insertions(+), 22 deletions(-) diff --git a/policy/modules/contrib/apache.fc b/policy/modules/contrib/apache.fc index 96006a0..808cc65 100644 --- a/policy/modules/contrib/apache.fc +++ b/policy/modules/contrib/apache.fc @@ -50,6 +50,8 @@ HOME_DIR/((www)|(web)|(public_html))(/.*)?/logs(/.*)? gen_context(system_u:objec /usr/lib/dirsrv/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) /usr/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) /usr/lib/lighttpd(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) +/usr/lib/systemd/system/httpd.*\.service -- gen_context(system_u:object_r:httpd_unit_t,s0) +/usr/lib/systemd/system/jetty.*\.service -- gen_context(system_u:object_r:httpd_unit_t,s0) /usr/libexec/httpd-ssl-pass-dialog -- gen_context(system_u:object_r:httpd_passwd_exec_t,s0) diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te index d3299a2..e02fcdc 100644 --- a/policy/modules/contrib/apache.te +++ b/policy/modules/contrib/apache.te @@ -1,4 +1,4 @@ -policy_module(apache, 2.10.0) +policy_module(apache, 2.10.1) ######################################## # @@ -327,6 +327,9 @@ files_tmp_file(httpd_tmp_t) type httpd_tmpfs_t; files_tmpfs_file(httpd_tmpfs_t) +type httpd_unit_t; +init_unit_file(httpd_unit_t) + apache_content_template(user) ubac_constrained(httpd_user_script_t) userdom_user_home_content(httpd_user_content_t) 
diff --git a/policy/modules/contrib/apcupsd.fc b/policy/modules/contrib/apcupsd.fc index 5ec0e13..82d48b1 100644 --- a/policy/modules/contrib/apcupsd.fc +++ b/policy/modules/contrib/apcupsd.fc @@ -2,6 +2,8 @@ /sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0) +/usr/lib/systemd/system/apcupsd.*\.service -- gen_context(system_u:object_r:apcupsd_unit_t,s0) + /usr/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0) /var/lock/subsys/apcupsd -- gen_context(system_u:object_r:apcupsd_lock_t,s0) diff --git a/policy/modules/contrib/apcupsd.te b/policy/modules/contrib/apcupsd.te index d5bf5bd..586104d 100644 --- a/policy/modules/contrib/apcupsd.te +++ b/policy/modules/contrib/apcupsd.te @@ -1,4 +1,4 @@ -policy_module(apcupsd, 1.10.0) +policy_module(apcupsd, 1.10.1) ######################################## # @@ -21,6 +21,9 @@ logging_log_file(apcupsd_log_t) type apcupsd_tmp_t; files_tmp_file(apcupsd_tmp_t) +type apcupsd_unit_t; +init_unit_file(apcupsd_unit_t) + type apcupsd_var_run_t; files_pid_file(apcupsd_var_run_t) diff --git a/policy/modules/contrib/apm.fc b/policy/modules/contrib/apm.fc index ce27d2f..0b5cf18 100644 --- a/policy/modules/contrib/apm.fc +++ b/policy/modules/contrib/apm.fc @@ -2,6 +2,8 @@ /usr/bin/apm -- gen_context(system_u:object_r:apm_exec_t,s0) +/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:apmd_unit_t,s0) + /usr/sbin/acpid -- gen_context(system_u:object_r:apmd_exec_t,s0) /usr/sbin/apmd -- gen_context(system_u:object_r:apmd_exec_t,s0) /usr/sbin/powersaved -- gen_context(system_u:object_r:apmd_exec_t,s0) diff --git a/policy/modules/contrib/apm.te b/policy/modules/contrib/apm.te index d6344dc..3acc764 100644 --- a/policy/modules/contrib/apm.te +++ b/policy/modules/contrib/apm.te @@ -1,4 +1,4 @@ -policy_module(apm, 1.14.0) +policy_module(apm, 1.14.1) ######################################## # 
@@ -29,6 +29,9 @@ logging_log_file(apmd_log_t) type apmd_tmp_t; files_tmp_file(apmd_tmp_t) +type apmd_unit_t; +init_unit_file(apmd_unit_t) + type apmd_var_lib_t; files_type(apmd_var_lib_t) diff --git a/policy/modules/contrib/arpwatch.fc b/policy/modules/contrib/arpwatch.fc index 9ca0d0f..59498be 100644 --- a/policy/modules/contrib/arpwatch.fc +++ b/policy/modules/contrib/arpwatch.fc @@ -1,5 +1,7 @@ /etc/rc\.d/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0) +/usr/lib/systemd/system/arpwatch.*\.service -- gen_context(system_u:object_r:arpwatch_unit_t,s0) + /usr/sbin/arpwatch -- gen_context(system_u:object_r:arpwatch_exec_t,s0) /var/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0) diff --git a/policy/modules/contrib/arpwatch.te b/policy/modules/contrib/arpwatch.te index 97ecc55..0cda29a 100644 --- a/policy/modules/contrib/arpwatch.te +++ b/policy/modules/contrib/arpwatch.te @@ -1,4 +1,4 @@ -policy_module(arpwatch, 1.12.0) +policy_module(arpwatch, 1.12.1) ######################################## # @@ -18,6 +18,9 @@ files_type(arpwatch_data_t) type arpwatch_tmp_t; files_tmp_file(arpwatch_tmp_t) +type arpwatch_unit_t; +init_unit_file(arpwatch_unit_t) + type arpwatch_var_run_t; files_pid_file(arpwatch_var_run_t) diff --git a/policy/modules/contrib/automount.fc b/policy/modules/contrib/automount.fc index 92adb37..989c10e 100644 --- a/policy/modules/contrib/automount.fc +++ b/policy/modules/contrib/automount.fc @@ -1,6 +1,8 @@ /etc/apm/event\.d/autofs -- gen_context(system_u:object_r:automount_exec_t,s0) /etc/rc\.d/init\.d/autofs -- gen_context(system_u:object_r:automount_initrc_exec_t,s0) +/usr/lib/systemd/system/autofs.*\.service -- gen_context(system_u:object_r:automount_unit_t,s0) + /usr/sbin/automount -- gen_context(system_u:object_r:automount_exec_t,s0) /var/lock/subsys/autofs -- gen_context(system_u:object_r:automount_lock_t,s0) 
diff --git a/policy/modules/contrib/automount.te b/policy/modules/contrib/automount.te index be5adee..2f5852e 100644 --- a/policy/modules/contrib/automount.te +++ b/policy/modules/contrib/automount.te @@ -1,4 +1,4 @@ -policy_module(automount, 1.16.0) +policy_module(automount, 1.16.1) ######################################## # @@ -22,6 +22,9 @@ type automount_tmp_t; files_tmp_file(automount_tmp_t) files_mountpoint(automount_tmp_t) +type automount_unit_t; +init_unit_file(automount_unit_t) + type automount_var_run_t; files_pid_file(automount_var_run_t) diff --git a/policy/modules/contrib/avahi.fc b/policy/modules/contrib/avahi.fc index e9fe2ca..f6604ae 100644 --- a/policy/modules/contrib/avahi.fc +++ b/policy/modules/contrib/avahi.fc @@ -1,5 +1,7 @@ /etc/rc\.d/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0) +/usr/lib/systemd/system/avahi.*\.service -- gen_context(system_u:object_r:avahi_unit_t,s0) + /usr/sbin/avahi-daemon -- gen_context(system_u:object_r:avahi_exec_t,s0) /usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0) /usr/sbin/avahi-autoipd -- gen_context(system_u:object_r:avahi_exec_t,s0) diff --git a/policy/modules/contrib/avahi.te b/policy/modules/contrib/avahi.te index 461cef0..40cba10 100644 --- a/policy/modules/contrib/avahi.te +++ b/policy/modules/contrib/avahi.te @@ -1,4 +1,4 @@ -policy_module(avahi, 1.16.0) +policy_module(avahi, 1.16.1) ######################################## # @@ -13,6 +13,9 @@ init_named_socket_activation(avahi_t, avahi_var_run_t) type avahi_initrc_exec_t; init_script_file(avahi_initrc_exec_t) +type avahi_unit_t; +init_unit_file(avahi_unit_t) + type avahi_var_lib_t; files_pid_file(avahi_var_lib_t) diff --git a/policy/modules/contrib/bind.fc b/policy/modules/contrib/bind.fc index 2b9a3a1..d0c6d58 100644 --- a/policy/modules/contrib/bind.fc +++ b/policy/modules/contrib/bind.fc 
@@ -14,6 +14,9 @@ /etc/unbound(/.*)? gen_context(system_u:object_r:named_conf_t,s0) /etc/unbound/.*\.key -- gen_context(system_u:object_r:dnssec_t,s0) +/usr/lib/systemd/system/named.*\.service -- gen_context(system_u:object_r:named_unit_t,s0) +/usr/lib/systemd/system/unbound.*\.service -- gen_context(system_u:object_r:named_unit_t,s0) + /usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0) /usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0) /usr/sbin/named-checkconf -- gen_context(system_u:object_r:named_checkconf_exec_t,s0) diff --git a/policy/modules/contrib/bind.te b/policy/modules/contrib/bind.te index 0683298..e3072c7 100644 --- a/policy/modules/contrib/bind.te +++ b/policy/modules/contrib/bind.te @@ -1,4 +1,4 @@ -policy_module(bind, 1.16.1) +policy_module(bind, 1.16.2) ######################################## # @@ -53,6 +53,9 @@ logging_log_file(named_log_t) type named_tmp_t; files_tmp_file(named_tmp_t) +type named_unit_t; +init_unit_file(named_unit_t) + type named_var_run_t; files_pid_file(named_var_run_t) init_daemon_pid_file(named_var_run_t, dir, "named") diff --git a/policy/modules/contrib/clamav.fc b/policy/modules/contrib/clamav.fc index d72afcc..f12497d 100644 --- a/policy/modules/contrib/clamav.fc +++ b/policy/modules/contrib/clamav.fc @@ -6,6 +6,8 @@ /usr/bin/clamdscan -- gen_context(system_u:object_r:clamscan_exec_t,s0) /usr/bin/freshclam -- gen_context(system_u:object_r:freshclam_exec_t,s0) +/usr/lib/systemd/system/clamd.*\.service -- gen_context(system_u:object_r:clamd_unit_t,s0) + /usr/sbin/clamd -- gen_context(system_u:object_r:clamd_exec_t,s0) /usr/sbin/clamav-milter -- gen_context(system_u:object_r:clamd_exec_t,s0) diff --git a/policy/modules/contrib/clamav.te b/policy/modules/contrib/clamav.te index c157b65..d733ffb 100644 --- a/policy/modules/contrib/clamav.te +++ b/policy/modules/contrib/clamav.te @@ -1,4 +1,4 @@ -policy_module(clamav, 1.12.0) +policy_module(clamav, 1.12.1) ## ##

@@ -41,6 +41,9 @@ init_script_file(clamd_initrc_exec_t) type clamd_tmp_t; files_tmp_file(clamd_tmp_t) +type clamd_unit_t; +init_unit_file(clamd_unit_t) + type clamd_var_log_t; logging_log_file(clamd_var_log_t) diff --git a/policy/modules/contrib/consolekit.fc b/policy/modules/contrib/consolekit.fc index 0ce1e53..3ce852a 100644 --- a/policy/modules/contrib/consolekit.fc +++ b/policy/modules/contrib/consolekit.fc @@ -1,3 +1,5 @@ +/usr/lib/systemd/system/console-kit.*\.service -- gen_context(system_u:object_r:consolekit_unit_t,s0) + /usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0) /var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0) diff --git a/policy/modules/contrib/consolekit.te b/policy/modules/contrib/consolekit.te index a3fd0bf..80c18fa 100644 --- a/policy/modules/contrib/consolekit.te +++ b/policy/modules/contrib/consolekit.te @@ -1,4 +1,4 @@ -policy_module(consolekit, 1.10.1) +policy_module(consolekit, 1.10.2) ######################################## # @@ -15,6 +15,9 @@ logging_log_file(consolekit_log_t) type consolekit_tmpfs_t; files_tmpfs_file(consolekit_tmpfs_t) +type consolekit_unit_t; +init_unit_file(consolekit_unit_t) + type consolekit_var_run_t; files_pid_file(consolekit_var_run_t) init_daemon_pid_file(consolekit_var_run_t, dir, "ConsoleKit") diff --git a/policy/modules/contrib/cron.fc b/policy/modules/contrib/cron.fc index cbb19b7..21ca917 100644 --- a/policy/modules/contrib/cron.fc +++ b/policy/modules/contrib/cron.fc @@ -6,6 +6,9 @@ /usr/bin/(f)?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0) +/usr/lib/systemd/system/atd.*\.service -- gen_context(system_u:object_r:crond_unit_t,s0) +/usr/lib/systemd/system/crond.*\.service -- gen_context(system_u:object_r:crond_unit_t,s0) + /usr/libexec/fcron -- gen_context(system_u:object_r:crond_exec_t,s0) /usr/libexec/fcronsighup -- gen_context(system_u:object_r:crontab_exec_t,s0) 
diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te index d26bdb2..0125df0 100644 --- a/policy/modules/contrib/cron.te +++ b/policy/modules/contrib/cron.te @@ -1,4 +1,4 @@ -policy_module(cron, 2.9.1) +policy_module(cron, 2.9.2) gen_require(` class passwd rootok; @@ -76,6 +76,9 @@ files_tmp_file(crond_tmp_t) files_poly_parent(crond_tmp_t) mta_system_content(crond_tmp_t) +type crond_unit_t; +init_unit_file(crond_unit_t) + type crond_var_run_t; files_pid_file(crond_var_run_t) mta_system_content(crond_var_run_t) diff --git a/policy/modules/contrib/cups.fc b/policy/modules/contrib/cups.fc index 949011e..ecea069 100644 --- a/policy/modules/contrib/cups.fc +++ b/policy/modules/contrib/cups.fc @@ -34,6 +34,7 @@ /usr/lib/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0) /usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0) /usr/lib/cups/backend/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0) +/usr/lib/systemd/system/cups.*\.service -- gen_context(system_u:object_r:cupsd_unit_t,s0) /usr/lib/udev/udev-configure-printer -- gen_context(system_u:object_r:cupsd_config_exec_t,s0) /usr/libexec/cups-pk-helper-mechanism -- gen_context(system_u:object_r:cupsd_config_exec_t,s0) diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te index 1edccbe..6fd2ee5 100644 --- a/policy/modules/contrib/cups.te +++ b/policy/modules/contrib/cups.te @@ -1,4 +1,4 @@ -policy_module(cups, 1.19.0) +policy_module(cups, 1.19.1) ######################################## # @@ -58,6 +58,9 @@ files_tmp_file(cups_pdf_tmp_t) type cupsd_tmp_t; files_tmp_file(cupsd_tmp_t) +type cupsd_unit_t; +init_unit_file(cupsd_unit_t) + type cupsd_var_run_t; files_pid_file(cupsd_var_run_t) init_daemon_pid_file(cupsd_var_run_t, dir, "cups") diff --git a/policy/modules/contrib/dhcp.fc b/policy/modules/contrib/dhcp.fc index 8182c48..bf65642 100644 --- a/policy/modules/contrib/dhcp.fc +++ b/policy/modules/contrib/dhcp.fc 
@@ -1,5 +1,7 @@ /etc/rc\.d/init\.d/dhcpd(6)? -- gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0) +/usr/lib/systemd/system/dhcpcd.*\.service -- gen_context(system_u:object_r:dhcpd_unit_t,s0) + /usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0) /var/lib/dhcpd(/.*)? gen_context(system_u:object_r:dhcpd_state_t,s0) diff --git a/policy/modules/contrib/dhcp.te b/policy/modules/contrib/dhcp.te index 2d64a81..927e1d9 100644 --- a/policy/modules/contrib/dhcp.te +++ b/policy/modules/contrib/dhcp.te @@ -1,4 +1,4 @@ -policy_module(dhcp, 1.12.0) +policy_module(dhcp, 1.12.1) ######################################## # @@ -26,6 +26,9 @@ files_type(dhcpd_state_t) type dhcpd_tmp_t; files_tmp_file(dhcpd_tmp_t) +type dhcpd_unit_t; +init_unit_file(dhcpd_unit_t) + type dhcpd_var_run_t; files_pid_file(dhcpd_var_run_t) diff --git a/policy/modules/contrib/ftp.fc b/policy/modules/contrib/ftp.fc index fa132af..366809a 100644 --- a/policy/modules/contrib/ftp.fc +++ b/policy/modules/contrib/ftp.fc @@ -9,6 +9,9 @@ /usr/kerberos/sbin/ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) +/usr/lib/systemd/system/proftpd.*\.service -- gen_context(system_u:object_r:ftpd_unit_t,s0) +/usr/lib/systemd/system/vsftpd.*\.service -- gen_context(system_u:object_r:ftpd_unit_t,s0) + /usr/sbin/ftpwho -- gen_context(system_u:object_r:ftpd_exec_t,s0) /usr/sbin/in\.ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) /usr/sbin/muddleftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) diff --git a/policy/modules/contrib/ftp.te b/policy/modules/contrib/ftp.te index d143280..8b83ad7 100644 --- a/policy/modules/contrib/ftp.te +++ b/policy/modules/contrib/ftp.te @@ -1,4 +1,4 @@ -policy_module(ftp, 1.18.1) +policy_module(ftp, 1.18.2) ######################################## # @@ -136,6 +136,9 @@ files_tmp_file(ftpd_tmp_t) type ftpd_tmpfs_t; files_tmpfs_file(ftpd_tmpfs_t) +type ftpd_unit_t; +init_unit_file(ftpd_unit_t) + type ftpd_var_run_t; files_pid_file(ftpd_var_run_t) 
diff --git a/policy/modules/contrib/kdump.fc b/policy/modules/contrib/kdump.fc index a49ae4e..d5ec077 100644 --- a/policy/modules/contrib/kdump.fc +++ b/policy/modules/contrib/kdump.fc @@ -6,6 +6,8 @@ /usr/bin/kdumpctl -- gen_context(system_u:object_r:kdumpctl_exec_t,s0) +/usr/lib/systemd/system/kdump.*\.service -- gen_context(system_u:object_r:kdump_unit_t,s0) + /sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0) /sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0) diff --git a/policy/modules/contrib/kdump.te b/policy/modules/contrib/kdump.te index ac37ce9..215a680 100644 --- a/policy/modules/contrib/kdump.te +++ b/policy/modules/contrib/kdump.te @@ -1,4 +1,4 @@ -policy_module(kdump, 1.4.1) +policy_module(kdump, 1.4.2) ####################################### # diff --git a/policy/modules/contrib/ldap.fc b/policy/modules/contrib/ldap.fc index b7e5679..cafa486 100644 --- a/policy/modules/contrib/ldap.fc +++ b/policy/modules/contrib/ldap.fc @@ -8,6 +8,7 @@ /usr/lib/openldap/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) /usr/lib/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) +/usr/lib/systemd/system/slapd.*\.service -- gen_context(system_u:object_r:slapd_unit_t,s0) /var/lib/ldap(/.*)? gen_context(system_u:object_r:slapd_db_t,s0) /var/lib/ldap/replog(/.*)? gen_context(system_u:object_r:slapd_replog_t,s0) diff --git a/policy/modules/contrib/ldap.te b/policy/modules/contrib/ldap.te index 70bc151..5abf625 100644 --- a/policy/modules/contrib/ldap.te +++ b/policy/modules/contrib/ldap.te @@ -1,4 +1,4 @@ -policy_module(ldap, 1.13.0) +policy_module(ldap, 1.13.1) ######################################## # @@ -39,6 +39,9 @@ files_tmp_file(slapd_tmp_t) type slapd_tmpfs_t; files_tmpfs_file(slapd_tmpfs_t) +type slapd_unit_t; +init_unit_file(slapd_unit_t) + type slapd_var_run_t; files_pid_file(slapd_var_run_t) diff --git a/policy/modules/contrib/mysql.fc b/policy/modules/contrib/mysql.fc index 1d258c1..fb9b2d8 100644 
--- a/policy/modules/contrib/mysql.fc +++ b/policy/modules/contrib/mysql.fc @@ -10,6 +10,8 @@ HOME_DIR/\.my\.cnf -- gen_context(system_u:object_r:mysqld_home_t,s0) /usr/bin/mysqld_safe -- gen_context(system_u:object_r:mysqld_safe_exec_t,s0) /usr/bin/mysql_upgrade -- gen_context(system_u:object_r:mysqld_exec_t,s0) +/usr/lib/systemd/system/mysqld.*\.service -- gen_context(system_u:object_r:mysqld_unit_t,s0) + /usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0) /usr/sbin/mysqld(-max)? -- gen_context(system_u:object_r:mysqld_exec_t,s0) diff --git a/policy/modules/contrib/mysql.te b/policy/modules/contrib/mysql.te index 0db8319..455fd81 100644 --- a/policy/modules/contrib/mysql.te +++ b/policy/modules/contrib/mysql.te @@ -1,4 +1,4 @@ -policy_module(mysql, 1.17.0) +policy_module(mysql, 1.17.1) ######################################## # @@ -47,6 +47,9 @@ logging_log_file(mysqld_log_t) type mysqld_tmp_t; files_tmp_file(mysqld_tmp_t) +type mysqld_unit_t; +init_unit_file(mysqld_unit_t) + type mysqlmanagerd_t; type mysqlmanagerd_exec_t; init_daemon_domain(mysqlmanagerd_t, mysqlmanagerd_exec_t) diff --git a/policy/modules/contrib/nis.fc b/policy/modules/contrib/nis.fc index 8aa1bfa..b7f173c 100644 --- a/policy/modules/contrib/nis.fc +++ b/policy/modules/contrib/nis.fc @@ -9,6 +9,11 @@ /usr/lib/yp/ypxfr -- gen_context(system_u:object_r:ypxfr_exec_t,s0) +/usr/lib/systemd/system/ypbind.*\.service -- gen_context(system_u:object_r:ypbind_unit_t,s0) +/usr/lib/systemd/system/yppasswdd.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0) +/usr/lib/systemd/system/ypserv.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0) +/usr/lib/systemd/system/ypxfrd.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0) + /usr/sbin/rpc\.yppasswdd -- gen_context(system_u:object_r:yppasswdd_exec_t,s0) /usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0) /usr/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0) 
diff --git a/policy/modules/contrib/nis.te b/policy/modules/contrib/nis.te index 77c8282..3d3936d 100644 --- a/policy/modules/contrib/nis.te +++ b/policy/modules/contrib/nis.te @@ -1,4 +1,4 @@ -policy_module(nis, 1.13.1) +policy_module(nis, 1.13.2) ######################################## # @@ -10,6 +10,9 @@ attribute_role ypbind_roles; type nis_initrc_exec_t; init_script_file(nis_initrc_exec_t) +type nis_unit_t; +init_unit_file(nis_unit_t) + type var_yp_t; files_type(var_yp_t) @@ -24,6 +27,9 @@ init_script_file(ypbind_initrc_exec_t) type ypbind_tmp_t; files_tmp_file(ypbind_tmp_t) +type ypbind_unit_t; +init_unit_file(ypbind_unit_t) + type ypbind_var_run_t; files_pid_file(ypbind_var_run_t) diff --git a/policy/modules/contrib/nscd.te b/policy/modules/contrib/nscd.te index 998dcdd..4ba589d 100644 --- a/policy/modules/contrib/nscd.te +++ b/policy/modules/contrib/nscd.te @@ -1,4 +1,4 @@ -policy_module(nscd, 1.13.0) +policy_module(nscd, 1.13.1) gen_require(` class nscd all_nscd_perms; @@ -34,6 +34,9 @@ init_script_file(nscd_initrc_exec_t) type nscd_log_t; logging_log_file(nscd_log_t) +type nscd_unit_t; +init_unit_file(nscd_unit_t) + ######################################## # # Local policy diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc index b58ce47..01ae073 100644 --- a/policy/modules/contrib/ntp.fc +++ b/policy/modules/contrib/ntp.fc @@ -13,6 +13,7 @@ # Systemd unit file /usr/lib/systemd/ntp-units\.d/.* -- gen_context(system_u:object_r:ntpd_unit_t,s0) +/usr/lib/systemd/system/ntpd.*\.service -- gen_context(system_u:object_r:ntpd_unit_t,s0) /usr/sbin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0) /usr/sbin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0) diff --git a/policy/modules/contrib/ppp.fc b/policy/modules/contrib/ppp.fc index efcb653..7d13ee9 100644 --- a/policy/modules/contrib/ppp.fc +++ b/policy/modules/contrib/ppp.fc 
@@ -12,6 +12,8 @@ HOME_DIR/\.ppprc -- gen_context(system_u:object_r:ppp_home_t,s0) /sbin/ppp-watch -- gen_context(system_u:object_r:pppd_exec_t,s0) /sbin/pppoe-server -- gen_context(system_u:object_r:pppd_exec_t,s0) +/usr/lib/systemd/system/ppp.*\.service -- gen_context(system_u:object_r:pppd_unit_t,s0) + /usr/sbin/ipppd -- gen_context(system_u:object_r:pppd_exec_t,s0) /usr/sbin/ppp-watch -- gen_context(system_u:object_r:pppd_exec_t,s0) /usr/sbin/pppd -- gen_context(system_u:object_r:pppd_exec_t,s0) diff --git a/policy/modules/contrib/ppp.te b/policy/modules/contrib/ppp.te index 1d3079f..8473117 100644 --- a/policy/modules/contrib/ppp.te +++ b/policy/modules/contrib/ppp.te @@ -1,4 +1,4 @@ -policy_module(ppp, 1.15.0) +policy_module(ppp, 1.15.1) ######################################## # @@ -53,6 +53,9 @@ files_lock_file(pppd_lock_t) type pppd_tmp_t; files_tmp_file(pppd_tmp_t) +type pppd_unit_t; +init_unit_file(pppd_unit_t) + type pppd_var_run_t; files_pid_file(pppd_var_run_t) diff --git a/policy/modules/contrib/rpc.fc b/policy/modules/contrib/rpc.fc index a6fb30c..c00b379 100644 --- a/policy/modules/contrib/rpc.fc +++ b/policy/modules/contrib/rpc.fc @@ -7,6 +7,9 @@ /sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0) /sbin/sm-notify -- gen_context(system_u:object_r:rpcd_exec_t,s0) +/usr/lib/systemd/system/nfs.*\.service -- gen_context(system_u:object_r:nfsd_unit_t,s0) +/usr/lib/systemd/system/rpc.*\.service -- gen_context(system_u:object_r:rpcd_unit_t,s0) + /usr/sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0) /usr/sbin/rpc\.idmapd -- gen_context(system_u:object_r:rpcd_exec_t,s0) /usr/sbin/rpc\.gssd -- gen_context(system_u:object_r:gssd_exec_t,s0) diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te index 8849e92..6703f96 100644 --- a/policy/modules/contrib/rpc.te +++ b/policy/modules/contrib/rpc.te @@ -1,4 +1,4 @@ -policy_module(rpc, 1.17.0) +policy_module(rpc, 1.17.1) ######################################## # 
@@ -52,6 +52,9 @@ rpc_domain_template(rpcd) type rpcd_initrc_exec_t; init_script_file(rpcd_initrc_exec_t) +type rpcd_unit_t; +init_unit_file(rpcd_unit_t) + rpc_domain_template(nfsd) type nfsd_initrc_exec_t; @@ -63,6 +66,9 @@ files_type(nfsd_rw_t) type nfsd_ro_t; files_type(nfsd_ro_t) +type nfsd_unit_t; +init_unit_file(nfsd_unit_t) + type var_lib_nfs_t; files_mountpoint(var_lib_nfs_t) diff --git a/policy/modules/contrib/samba.fc b/policy/modules/contrib/samba.fc index b8b66ff..ef009e0 100644 --- a/policy/modules/contrib/samba.fc +++ b/policy/modules/contrib/samba.fc @@ -14,6 +14,8 @@ /usr/bin/smbmount -- gen_context(system_u:object_r:smbmount_exec_t,s0) /usr/bin/smbmnt -- gen_context(system_u:object_r:smbmount_exec_t,s0) +/usr/lib/systemd/system/smb.*\.service -- gen_context(system_u:object_r:samba_unit_t,s0) + /usr/sbin/swat -- gen_context(system_u:object_r:swat_exec_t,s0) /usr/sbin/nmbd -- gen_context(system_u:object_r:nmbd_exec_t,s0) /usr/sbin/smbd -- gen_context(system_u:object_r:smbd_exec_t,s0) diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te index f6e9be3..602be98 100644 --- a/policy/modules/contrib/samba.te +++ b/policy/modules/contrib/samba.te @@ -1,4 +1,4 @@ -policy_module(samba, 1.18.0) +policy_module(samba, 1.18.1) ################################# # @@ -130,6 +130,9 @@ files_type(samba_secrets_t) type samba_share_t; # customizable files_type(samba_share_t) +type samba_unit_t; +init_unit_file(samba_unit_t) + type samba_var_t; files_type(samba_var_t) diff --git a/policy/modules/contrib/tor.fc b/policy/modules/contrib/tor.fc index dce42ec..cbaaa15 100644 --- a/policy/modules/contrib/tor.fc +++ b/policy/modules/contrib/tor.fc 
@@ -5,6 +5,8 @@ /usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) /usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) +/usr/lib/systemd/system/tor.*\.service -- gen_context(system_u:object_r:tor_unit_t,s0) + /var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) /var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) diff --git a/policy/modules/contrib/tor.te b/policy/modules/contrib/tor.te index 418eb29..3c596d8 100644 --- a/policy/modules/contrib/tor.te +++ b/policy/modules/contrib/tor.te @@ -1,4 +1,4 @@ -policy_module(tor, 1.11.0) +policy_module(tor, 1.11.1) ######################################## # @@ -23,6 +23,9 @@ files_config_file(tor_etc_t) type tor_initrc_exec_t; init_script_file(tor_initrc_exec_t) +type tor_unit_t; +init_unit_file(tor_unit_t) + type tor_var_lib_t; files_type(tor_var_lib_t)
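Review bot: In the dhcp.fc hunk the new unit pattern is spelled `dhcpcd.*\.service`, while the type it assigns is `dhcpd_unit_t` and every neighbouring entry in the module (`/etc/rc\.d/init\.d/dhcpd(6)?`, `/usr/sbin/dhcpd.*`) refers to dhcpd. As written, a unit file named dhcpd.service does not match this entry, and any dhcpcd*.service file is labelled with the dhcpd unit type. If the server's unit is what is meant, the pattern should read `/usr/lib/systemd/system/dhcpd.*\.service`.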
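Review bot: kdump.fc now assigns `kdump_unit_t`, but the kdump.te hunk only bumps the module version (diffstat `2 +-`) and adds no `type kdump_unit_t;` / `init_unit_file(kdump_unit_t)` pair the way every other .te hunk in this patch does. Please confirm the type is already declared in kdump.te; otherwise the new file context refers to a type this patch never declares. The reverse holds for nscd: nscd.te declares `nscd_unit_t`, but nscd.fc is not part of the patch, so nothing here labels a unit file with that type.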
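Review bot: Several of the added .fc patterns are a bare name prefix followed by `.*`, which matches more than the module's own units: `rpc.*\.service` in rpc.fc also matches a unit named rpcbind.service, `tor.*\.service` in tor.fc matches any unit whose name merely starts with "tor", and `ppp.*`, `smb.*` and `nfs.*` behave the same way. The label decides which domains are allowed to manage the unit, so an unrelated unit that happens to share the prefix would inherit that access. Listing the expected unit names explicitly, or anchoring the prefix (for example `tor(@.*)?\.service`), would keep the match tight.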
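Review bot: The avahi.fc entry labels only regular files matching `avahi.*\.service`, yet the context lines of the avahi.te hunk show `init_named_socket_activation(avahi_t, avahi_var_run_t)`, so the daemon is expected to be socket activated. A matching .socket unit would not receive `avahi_unit_t` from this entry. The same `\.service`-only restriction applies to every pattern added in this patch, and all of them are rooted at `/usr/lib/systemd/system/`; it is worth stating in the commit message whether other unit types and unit directories are left out on purpose.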