* [gentoo-commits] proj/hardened-refpolicy:master commit in: /, policy/modules/kernel/, policy/modules/system/, policy/modules/services/, ...
@ 2019-12-24 10:00 Jason Zaman
From: Jason Zaman @ 2019-12-24 10:00 UTC (permalink / raw
  To: gentoo-commits

commit:     3ad3fd938f3a06d4170286f9e14bbcd0765e8fb6
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 17 04:17:02 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Dec 24 09:58:27 2019 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=3ad3fd93

Fix gentoo-specific lint issues

Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 .travis.yml                           | 2 +-
 policy/modules/admin/portage.fc       | 2 +-
 policy/modules/apps/java.fc           | 2 +-
 policy/modules/apps/qemu.fc           | 4 ++--
 policy/modules/contrib/android.fc     | 2 +-
 policy/modules/contrib/dirsrv.fc      | 4 ++--
 policy/modules/contrib/openrc.fc      | 2 +-
 policy/modules/contrib/phpfpm.fc      | 8 ++++----
 policy/modules/contrib/resolvconf.fc  | 2 +-
 policy/modules/contrib/rtorrent.fc    | 6 +++---
 policy/modules/contrib/uwsgi.fc       | 2 +-
 policy/modules/contrib/vde.fc         | 2 +-
 policy/modules/kernel/corecommands.fc | 8 ++++----
 policy/modules/services/ntp.fc        | 2 +-
 policy/modules/system/lvm.fc          | 5 -----
 policy/modules/system/miscfiles.fc    | 6 ++----
 policy/modules/system/tmpfiles.fc     | 6 +++---
 17 files changed, 29 insertions(+), 36 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 8be908cc..5dfbe090 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -25,7 +25,7 @@ env:
 matrix:
   include:
   - python: 3.7
-    env: LINT=true TYPE=standard
+    env: LINT=true TYPE=standard DISTRO=gentoo
 
 sudo: false
 dist: bionic

diff --git a/policy/modules/admin/portage.fc b/policy/modules/admin/portage.fc
index 8a41cfff..26850f9d 100644
--- a/policy/modules/admin/portage.fc
+++ b/policy/modules/admin/portage.fc
@@ -23,7 +23,7 @@
 /usr/portage(/.*)?	gen_context(system_u:object_r:portage_ebuild_t,s0)
 /usr/portage/distfiles/cvs-src(/.*)?	gen_context(system_u:object_r:portage_srcrepo_t,s0)
 /usr/portage/distfiles/egit-src(/.*)?	gen_context(system_u:object_r:portage_srcrepo_t,s0)
-/usr/portage/distfiles/git.?-src(/.*)?	gen_context(system_u:object_r:portage_srcrepo_t,s0)
+/usr/portage/distfiles/git[0-9]-src(/.*)?	gen_context(system_u:object_r:portage_srcrepo_t,s0)
 /usr/portage/distfiles/go-src(/.*)?	gen_context(system_u:object_r:portage_srcrepo_t,s0)
 /usr/portage/distfiles/hg-src(/.*)?	gen_context(system_u:object_r:portage_srcrepo_t,s0)
 /usr/portage/distfiles/svn-src(/.*)?	gen_context(system_u:object_r:portage_srcrepo_t,s0)
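Review bot: The new pattern `git[0-9]-src` requires exactly one digit, whereas the old `git.?-src` also matched a plain `git-src` directory. Unless `git-src` has its own entry elsewhere in the file (not visible in this hunk), that directory would now fall through to the broader `/usr/portage(/.*)?` entry and be labelled `portage_ebuild_t` instead of `portage_srcrepo_t`. If the zero-character case is still wanted, `/usr/portage/distfiles/git[0-9]?-src(/.*)?` keeps it while still removing the bare `.`.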

diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc
index e8804805..d0476be2 100644
--- a/policy/modules/apps/java.fc
+++ b/policy/modules/apps/java.fc
@@ -34,5 +34,5 @@ HOME_DIR/\.java(/.*)?	gen_context(system_u:object_r:java_home_t,s0)
 
 ifdef(`distro_gentoo',`
 # Running maven (mvn) command needs read access to this, yet the file is marked as bin_t otherwise
-/usr/share/maven-bin-[^/]*/bin/m2.conf	--	gen_context(system_u:object_r:usr_t,s0)
+/usr/share/maven-bin-[^/]*/bin/m2\.conf	--	gen_context(system_u:object_r:usr_t,s0)
 ')

diff --git a/policy/modules/apps/qemu.fc b/policy/modules/apps/qemu.fc
index df3aa2d3..59dcb78b 100644
--- a/policy/modules/apps/qemu.fc
+++ b/policy/modules/apps/qemu.fc
@@ -12,8 +12,8 @@
 ifdef(`distro_gentoo',`
 /usr/bin/qemu-ga	--	gen_context(system_u:object_r:qemu_ga_exec_t,s0)
 
-/var/log/qemu-ga.log	--	gen_context(system_u:object_r:qemu_ga_log_t,s0)
+/var/log/qemu-ga\.log	--	gen_context(system_u:object_r:qemu_ga_log_t,s0)
 /var/log/qemu-ga(/.*)?	--	gen_context(system_u:object_r:qemu_ga_log_t,s0)
 
-/run/qemu-ga.pid	--	gen_context(system_u:object_r:qemu_ga_run_t,s0)
+/run/qemu-ga\.pid	--	gen_context(system_u:object_r:qemu_ga_run_t,s0)
 ')

diff --git a/policy/modules/contrib/android.fc b/policy/modules/contrib/android.fc
index af983112..a72f5d9f 100644
--- a/policy/modules/contrib/android.fc
+++ b/policy/modules/contrib/android.fc
@@ -2,7 +2,7 @@ HOME_DIR/\.AndroidStudio.*(/.*)?		gen_context(system_u:object_r:android_home_t,s
 HOME_DIR/\.android(/.*)?			gen_context(system_u:object_r:android_home_t,s0)
 HOME_DIR/\.gradle(/.*)?				gen_context(system_u:object_r:android_home_t,s0)
 
-/opt/android-studio/bin/studio.sh		gen_context(system_u:object_r:android_java_exec_t,s0)
+/opt/android-studio/bin/studio\.sh		gen_context(system_u:object_r:android_java_exec_t,s0)
 
 /opt/android-sdk-update-manager/platform-tools/adb	--	gen_context(system_u:object_r:android_tools_exec_t,s0)
 /opt/android-sdk-update-manager/platform-tools/fastboot	--	gen_context(system_u:object_r:android_tools_exec_t,s0)

diff --git a/policy/modules/contrib/dirsrv.fc b/policy/modules/contrib/dirsrv.fc
index 3a33d632..a675110f 100644
--- a/policy/modules/contrib/dirsrv.fc
+++ b/policy/modules/contrib/dirsrv.fc
@@ -5,8 +5,8 @@
 /var/lib/dirsrv(/.*)?	gen_context(system_u:object_r:dirsrv_var_lib_t,s0)
 /var/lock/dirsrv(/.*)?	gen_context(system_u:object_r:dirsrv_var_lock_t,s0)
 /var/log/dirsrv(/.*)?	gen_context(system_u:object_r:dirsrv_var_log_t,s0)
-/var/log/dirsrv/ldap-agent.log	gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
+/var/log/dirsrv/ldap-agent\.log	gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
 /run/dirsrv(/.*)?	gen_context(system_u:object_r:dirsrv_runtime_t,s0)
-/run/ldap-agent.pid	gen_context(system_u:object_r:dirsrv_snmp_runtime_t,s0)
+/run/ldap-agent\.pid	gen_context(system_u:object_r:dirsrv_snmp_runtime_t,s0)
 
 /etc/dirsrv(/.*)?	gen_context(system_u:object_r:dirsrv_config_t,s0)

diff --git a/policy/modules/contrib/openrc.fc b/policy/modules/contrib/openrc.fc
index 7d62191c..11bfd461 100644
--- a/policy/modules/contrib/openrc.fc
+++ b/policy/modules/contrib/openrc.fc
@@ -1 +1 @@
-/usr/lib/rc/sh/cgroup-release-agent.sh	--	gen_context(system_u:object_r:openrc_cgroup_release_exec_t,s0)
+/usr/lib/rc/sh/cgroup-release-agent\.sh	--	gen_context(system_u:object_r:openrc_cgroup_release_exec_t,s0)

diff --git a/policy/modules/contrib/phpfpm.fc b/policy/modules/contrib/phpfpm.fc
index da28e772..5592e409 100644
--- a/policy/modules/contrib/phpfpm.fc
+++ b/policy/modules/contrib/phpfpm.fc
@@ -1,5 +1,5 @@
-/usr/lib/php.*/bin/php-fpm		gen_context(system_u:object_r:phpfpm_exec_t,s0)
-/run/php*-fpm/*.sock			gen_context(system_u:object_r:phpfpm_runtime_t,s0)
+/usr/lib/php[^/]*/bin/php-fpm		gen_context(system_u:object_r:phpfpm_exec_t,s0)
+/run/php[^/]*-fpm/[^/]*\.sock			gen_context(system_u:object_r:phpfpm_runtime_t,s0)
 
-/var/log/php-fpm.log			gen_context(system_u:object_r:phpfpm_log_t,s0)
-/run/php-fpm.pid			gen_context(system_u:object_r:phpfpm_runtime_t,s0)
+/var/log/php-fpm\.log			gen_context(system_u:object_r:phpfpm_log_t,s0)
+/run/php-fpm\.pid			gen_context(system_u:object_r:phpfpm_runtime_t,s0)
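Review bot: None of the rewritten entries has a file-type field, so the `.sock` pattern and the `php-fpm` binary, log and pid entries match any object class with that name rather than only the intended one. Other files touched by this commit use `-s` for sockets and `--` for regular files. Here that would be `/run/php[^/]*-fpm/[^/]*\.sock  -s  gen_context(system_u:object_r:phpfpm_runtime_t,s0)`, with `--` on the other three lines. It is also worth confirming that the `/run/php[^/]*-fpm` directory itself is labelled by some other rule, since this pattern only covers the sockets inside it.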

diff --git a/policy/modules/contrib/resolvconf.fc b/policy/modules/contrib/resolvconf.fc
index 4e5df895..51383c24 100644
--- a/policy/modules/contrib/resolvconf.fc
+++ b/policy/modules/contrib/resolvconf.fc
@@ -1,4 +1,4 @@
-/etc/resolvconf.conf	--	gen_context(system_u:object_r:resolvconf_conf_t,s0)
+/etc/resolvconf\.conf	--	gen_context(system_u:object_r:resolvconf_conf_t,s0)
 
 /usr/lib/resolvconf(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 

diff --git a/policy/modules/contrib/rtorrent.fc b/policy/modules/contrib/rtorrent.fc
index 65a77bf0..5e248d1e 100644
--- a/policy/modules/contrib/rtorrent.fc
+++ b/policy/modules/contrib/rtorrent.fc
@@ -1,5 +1,5 @@
-HOME_DIR/.rtorrent.rc	--	gen_context(system_u:object_r:rtorrent_home_t,s0)
-HOME_DIR/.rtsession(/.*)?	gen_context(system_u:object_r:rtorrent_session_t,s0)
-HOME_DIR/.rtorrent(/.*)?	gen_context(system_u:object_r:rtorrent_session_t,s0)
+HOME_DIR/\.rtorrent\.rc	--	gen_context(system_u:object_r:rtorrent_home_t,s0)
+HOME_DIR/\.rtsession(/.*)?	gen_context(system_u:object_r:rtorrent_session_t,s0)
+HOME_DIR/\.rtorrent(/.*)?	gen_context(system_u:object_r:rtorrent_session_t,s0)
 
 /usr/bin/rtorrent	--	gen_context(system_u:object_r:rtorrent_exec_t,s0)

diff --git a/policy/modules/contrib/uwsgi.fc b/policy/modules/contrib/uwsgi.fc
index 2cf031c1..49580994 100644
--- a/policy/modules/contrib/uwsgi.fc
+++ b/policy/modules/contrib/uwsgi.fc
@@ -1,4 +1,4 @@
-/etc/uwsgi.d(/.*)?					gen_context(system_u:object_r:uwsgi_conf_t,s0)
+/etc/uwsgi\.d(/.*)?					gen_context(system_u:object_r:uwsgi_conf_t,s0)
 
 /usr/bin/uwsgi.*				--	gen_context(system_u:object_r:uwsgi_exec_t,s0)
 

diff --git a/policy/modules/contrib/vde.fc b/policy/modules/contrib/vde.fc
index bea4fd72..6ba4cc75 100644
--- a/policy/modules/contrib/vde.fc
+++ b/policy/modules/contrib/vde.fc
@@ -2,4 +2,4 @@
 /usr/bin/vde_switch	--	gen_context(system_u:object_r:vde_exec_t,s0)
 /usr/sbin/vde_tunctl	--	gen_context(system_u:object_r:vde_exec_t,s0)
 /run/vde\.ctl(/.*)?		gen_context(system_u:object_r:vde_runtime_t,s0)
-/tmp/vde.[0-9-]*	-s	gen_context(system_u:object_r:vde_tmp_t,s0)
+/tmp/vde\.[^/]*		-s	gen_context(system_u:object_r:vde_tmp_t,s0)
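Review bot: The replacement `/tmp/vde\.[^/]*` is wider than the lint fix needs. The old class `[0-9-]*` limited the suffix to digits and hyphens, while `[^/]*` lets any socket named `vde.<anything>` in world-writable `/tmp` receive `vde_tmp_t` on a relabel. Escaping the dot alone, `/tmp/vde\.[0-9-]*  -s  gen_context(system_u:object_r:vde_tmp_t,s0)`, would keep the original suffix restriction. If the wider match is intentional, a comment naming the socket names it is meant to cover would help the next reader.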

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 68944c05..9369157b 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -101,7 +101,7 @@ ifdef(`distro_redhat',`
 
 /etc/vmware-tools(/.*)?			gen_context(system_u:object_r:bin_t,s0)
 
-/etc/wpa_supplicant/wpa_cli.sh	--	gen_context(system_u:object_r:bin_t,s0)
+/etc/wpa_supplicant/wpa_cli\.sh	--	gen_context(system_u:object_r:bin_t,s0)
 
 /etc/X11/xdm/GiveConsole	--	gen_context(system_u:object_r:bin_t,s0)
 /etc/X11/xdm/TakeConsole	--	gen_context(system_u:object_r:bin_t,s0)
@@ -268,7 +268,7 @@ ifdef(`distro_gentoo',`
 /usr/lib/[^/]*/run-mozilla\.sh --	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/nspluginwrapper/i386/linux/npviewer.bin --	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/nspluginwrapper/i386/linux/npviewer\.bin --	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/nspluginwrapper/i386/linux/npviewer	--	gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/lib/xulrunner-.*/plugin-container		--	gen_context(system_u:object_r:bin_t,s0)
 
@@ -301,7 +301,7 @@ ifdef(`distro_gentoo',`
 /usr/share/apr(-[0-9])?/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/build-1/[^/]+\.sh	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/build-1/libtool	--	gen_context(system_u:object_r:bin_t,s0)
-/usr/share/build-1/mkdir.sh	--	gen_context(system_u:object_r:bin_t,s0)
+/usr/share/build-1/mkdir\.sh	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/dayplanner/dayplanner --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/debconf/.+		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/denyhosts/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
@@ -319,7 +319,7 @@ ifdef(`distro_gentoo',`
 /usr/share/gnome-sound-recorder/org\.gnome\.SoundRecorder	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/GNUstep/Makefiles/*\.sh		--	gen_context(system_u:object_r:bin_t,s0)
+/usr/share/GNUstep/Makefiles/[^/]*\.sh		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/GNUstep/Makefiles/mkinstalldirs	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/hal/scripts(/.*)?		gen_context(system_u:object_r:bin_t,s0)

diff --git a/policy/modules/services/ntp.fc b/policy/modules/services/ntp.fc
index b16c5739..4d014d19 100644
--- a/policy/modules/services/ntp.fc
+++ b/policy/modules/services/ntp.fc
@@ -42,7 +42,7 @@
 /run/ntpd\.sock	-s	gen_context(system_u:object_r:ntpd_pid_t,s0)
 
 ifdef(`distro_gentoo',`
-/var/lib/openntpd/ntpd.drift	--	gen_context(system_u:object_r:ntp_drift_t,s0)
+/var/lib/openntpd/ntpd\.drift	--	gen_context(system_u:object_r:ntp_drift_t,s0)
 
 # hardlinked to ntpd
 /usr/sbin/ntpctl		--	gen_context(system_u:object_r:ntpd_exec_t,s0)

diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
index a3c68a97..8d50e1f2 100644
--- a/policy/modules/system/lvm.fc
+++ b/policy/modules/system/lvm.fc
@@ -2,11 +2,6 @@
 # configure LVM to put lockfiles in /etc/lvm/lock instead
 # for this policy to work (unless you have no separate /var)
 
-#
-# /dev
-#
-/dev/.lvm(/.*)?		gen_context(system_u:object_r:lvm_lock_t,s0)
-
 #
 # /etc
 #

diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index 031bb2e0..19c4e2e3 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -11,11 +11,9 @@ ifdef(`distro_gentoo',`
 /etc/avahi/etc/localtime --	gen_context(system_u:object_r:locale_t,s0)
 /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0)
 /etc/localtime		--	gen_context(system_u:object_r:locale_t,s0)
-/etc/pki/certs/(.*)?	--	gen_context(system_u:object_r:cert_t,s0)
+/etc/pki(/.*)?			gen_context(system_u:object_r:cert_t,s0)
 /etc/pki/.*/private(/.*)?	gen_context(system_u:object_r:tls_privkey_t,s0)
-/etc/pki/private/(.*)?	--	gen_context(system_u:object_r:cert_t,s0)
-/etc/ssl/certs/(.*)?	--	gen_context(system_u:object_r:cert_t,s0)
-/etc/ssl/private/(.*)?	--	gen_context(system_u:object_r:cert_t,s0)
+/etc/ssl(/.*)?			gen_context(system_u:object_r:cert_t,s0)
 /etc/timezone		--	gen_context(system_u:object_r:locale_t,s0)
 
 ifdef(`distro_debian',`
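Review bot: With `/etc/pki(/.*)?` and `/etc/ssl(/.*)?` labelling both trees `cert_t`, private keys under `/etc/ssl/private` and `/etc/pki/private` share a type with public certificates. The only `tls_privkey_t` entry visible here, `/etc/pki/.*/private(/.*)?`, needs an intermediate directory and has no `/etc/ssl` counterpart. The removed lines already gave those files `cert_t`, so this is not a regression, but as far as SELinux is concerned any domain allowed to read `cert_t` can read the keys. Adding `/etc/ssl/private(/.*)?  gen_context(system_u:object_r:tls_privkey_t,s0)` and `/etc/pki/private(/.*)?  gen_context(system_u:object_r:tls_privkey_t,s0)` would separate them, provided the key consumers are granted `tls_privkey_t` (not visible from this hunk). Dropping the `--` field also means directories and non-regular files under both trees are now labelled, which looks intended but goes beyond a lint fix.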

diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc
index 5a13949c..a25eaa58 100644
--- a/policy/modules/system/tmpfiles.fc
+++ b/policy/modules/system/tmpfiles.fc
@@ -1,10 +1,10 @@
 
 ifndef(`init_systemd',`
-/etc/tmpfiles.d(/.*)?				gen_context(system_u:object_r:tmpfiles_conf_t,s0)
-/run/tmpfiles.d(/.*)?				gen_context(system_u:object_r:tmpfiles_runtime_t,s0)
+/etc/tmpfiles\.d(/.*)?				gen_context(system_u:object_r:tmpfiles_conf_t,s0)
+/run/tmpfiles\.d(/.*)?				gen_context(system_u:object_r:tmpfiles_runtime_t,s0)
 ')
 
 /usr/bin/tmpfiles				--	gen_context(system_u:object_r:tmpfiles_exec_t,s0)
 /usr/lib/rc/bin/checkpath			--	gen_context(system_u:object_r:tmpfiles_exec_t,s0)
-/usr/lib/rc/sh/tmpfiles.sh			--	gen_context(system_u:object_r:tmpfiles_exec_t,s0)
+/usr/lib/rc/sh/tmpfiles\.sh			--	gen_context(system_u:object_r:tmpfiles_exec_t,s0)
 

