From a66a4ad4bb2e6c3668f61d2b8b4398c45f977320 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Thu, 19 Jul 2012 14:49:23 +0800 Subject: refpolicy: add policy patches for Yocto. Signed-off-by: Xin Ouyang --- .../fix-mount-to-write-mountpoints-dirs.patch | 81 ++ .../refpolicy-2.20120215/poky-fc-etc_init.d.patch | 1455 ++++++++++++++++++++ .../poky-fc-update-alternatives_sysvinit.patch | 49 + .../refpolicy/refpolicy_2.20120215.inc | 6 + 4 files changed, 1591 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy-2.20120215/fix-mount-to-write-mountpoints-dirs.patch create mode 100644 recipes-security/refpolicy/refpolicy-2.20120215/poky-fc-etc_init.d.patch create mode 100644 recipes-security/refpolicy/refpolicy-2.20120215/poky-fc-update-alternatives_sysvinit.patch diff --git a/recipes-security/refpolicy/refpolicy-2.20120215/fix-mount-to-write-mountpoints-dirs.patch b/recipes-security/refpolicy/refpolicy-2.20120215/fix-mount-to-write-mountpoints-dirs.patch new file mode 100644 index 0000000..5003eee --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-2.20120215/fix-mount-to-write-mountpoints-dirs.patch @@ -0,0 +1,81 @@ +From 613c4585de3a55db82b209088cb0792b23d1afd8 Mon Sep 17 00:00:00 2001 +From: Xin Ouyang +Date: Tue, 3 Jul 2012 10:57:44 +0800 +Subject: [PATCH] refpolicy: fix mount to write mountpoints/dirs. + +Signed-off-by: Xin Ouyang +--- + policy/modules/kernel/files.if | 36 ++++++++++++++++++++++++++++++++++++ + policy/modules/system/mount.te | 2 ++ + 2 files changed, 38 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if +index deb24b4..79966aa 100644 +--- a/policy/modules/kernel/files.if ++++ b/policy/modules/kernel/files.if +@@ -1482,6 +1482,42 @@ interface(`files_dontaudit_list_all_mountpoints',` + + ######################################## + ## ++## Write all mount points. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_write_all_mountpoints',` ++ gen_require(` ++ attribute mountpoint; ++ ') ++ ++ allow $1 mountpoint:dir write; ++') ++ ++######################################## ++## ++## Write all file type directories. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_write_all_dirs',` ++ gen_require(` ++ attribute file_type; ++ ') ++ ++ allow $1 file_type:dir write; ++') ++ ++######################################## ++## + ## List the contents of the root directory. + ## + ## +diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te +index fba350b..991bf62 100644 +--- a/policy/modules/system/mount.te ++++ b/policy/modules/system/mount.te +@@ -79,6 +79,7 @@ files_manage_etc_runtime_files(mount_t) + files_etc_filetrans_etc_runtime(mount_t, file) + files_mounton_all_mountpoints(mount_t) + files_unmount_rootfs(mount_t) ++files_write_all_mountpoints(mount_t) + # These rules need to be generalized. Only admin, initrc should have it: + files_relabelto_all_file_type_fs(mount_t) + files_mount_all_file_type_fs(mount_t) +@@ -89,6 +90,7 @@ files_read_isid_type_files(mount_t) + # For reading cert files + files_read_usr_files(mount_t) + files_list_mnt(mount_t) ++files_write_all_dirs(mount_t) + files_dontaudit_write_root_dirs(mount_t) + + fs_getattr_xattr_fs(mount_t) +-- +1.7.5.4 + diff --git a/recipes-security/refpolicy/refpolicy-2.20120215/poky-fc-etc_init.d.patch b/recipes-security/refpolicy/refpolicy-2.20120215/poky-fc-etc_init.d.patch new file mode 100644 index 0000000..9fbe33d --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-2.20120215/poky-fc-etc_init.d.patch @@ -0,0 +1,1455 @@ +From 6daeab30481b98b3d2c7243fa27639fd3f3a1a7b Mon Sep 17 00:00:00 2001 +From: Xin Ouyang +Date: Mon, 2 Jul 2012 17:37:36 +0800 +Subject: [PATCH] refpolicy: replace all fc /etc/rc.d/init.d to /etc/init.d + +1. batch replace +grep -Rl "/etc/rc\\\.d/init" * | xargs sed -i 's:/etc/rc\\.d/init:/etc/init:' +grep -Rl "/etc/rc\.d/init" * | xargs sed -i 's:/etc/rc.d/init:/etc/init:' + +2. Then modify policy/modules/system/init.fc +@@ -3,10 +3,10 @@ + # + /etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) + +-/etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0) +-/etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0) ++/etc/init\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0) ++/etc/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0) + +3. delete duplicate fc + > policy/modules/contrib/hadoop.fc : /etc/init\.d/hadoop-xxxx + > policy/modules/kernel/corecommands.fc : /etc/init\.d/functions + > policy/modules/system/init.fc : /etc/init\.d/.*. +--- + policy/modules/contrib/abrt.fc | 2 +- + policy/modules/contrib/afs.fc | 4 ++-- + policy/modules/contrib/aiccu.fc | 2 +- + policy/modules/contrib/aisexec.fc | 2 +- + policy/modules/contrib/amavis.fc | 2 +- + policy/modules/contrib/apache.fc | 4 ++-- + policy/modules/contrib/apcupsd.fc | 2 +- + policy/modules/contrib/arpwatch.fc | 2 +- + policy/modules/contrib/asterisk.fc | 2 +- + policy/modules/contrib/automount.fc | 2 +- + policy/modules/contrib/avahi.fc | 2 +- + policy/modules/contrib/bind.fc | 4 ++-- + policy/modules/contrib/bitlbee.fc | 2 +- + policy/modules/contrib/bluetooth.fc | 6 +++--- + policy/modules/contrib/canna.fc | 2 +- + policy/modules/contrib/certmaster.fc | 2 +- + policy/modules/contrib/certmonger.fc | 2 +- + policy/modules/contrib/cgroup.fc | 4 ++-- + policy/modules/contrib/chronyd.fc | 2 +- + policy/modules/contrib/clamav.fc | 2 +- + policy/modules/contrib/cmirrord.fc | 2 +- + policy/modules/contrib/cobbler.fc | 2 +- + policy/modules/contrib/corosync.fc | 2 +- + policy/modules/contrib/cron.fc | 2 +- + policy/modules/contrib/cups.fc | 2 +- + policy/modules/contrib/cyrus.fc | 2 +- + policy/modules/contrib/ddclient.fc | 2 +- + policy/modules/contrib/denyhosts.fc | 2 +- + policy/modules/contrib/dhcp.fc | 2 +- + policy/modules/contrib/dictd.fc | 2 +- + policy/modules/contrib/dnsmasq.fc | 2 +- + policy/modules/contrib/dovecot.fc | 2 +- + policy/modules/contrib/fail2ban.fc | 2 +- + policy/modules/contrib/ftp.fc | 4 ++-- + policy/modules/contrib/glance.fc | 4 ++-- + policy/modules/contrib/gpsd.fc | 2 +- + policy/modules/contrib/hadoop.fc | 7 ------- + policy/modules/contrib/hddtemp.fc | 2 +- + policy/modules/contrib/icecast.fc | 2 +- + policy/modules/contrib/ifplugd.fc | 2 +- + policy/modules/contrib/inn.fc | 2 +- + policy/modules/contrib/jabber.fc | 2 +- + policy/modules/contrib/kdump.fc | 2 +- + policy/modules/contrib/kerberos.fc | 8 ++++---- + policy/modules/contrib/kerneloops.fc | 2 +- + policy/modules/contrib/ksmtuned.fc | 2 +- + policy/modules/contrib/ldap.fc | 2 +- + policy/modules/contrib/likewise.fc | 16 ++++++++-------- + policy/modules/contrib/lircd.fc | 2 +- + policy/modules/contrib/memcached.fc | 2 +- + policy/modules/contrib/mpd.fc | 2 +- + policy/modules/contrib/munin.fc | 2 +- + policy/modules/contrib/mysql.fc | 4 ++-- + policy/modules/contrib/nagios.fc | 4 ++-- + policy/modules/contrib/networkmanager.fc | 2 +- + policy/modules/contrib/nis.fc | 8 ++++---- + policy/modules/contrib/nscd.fc | 2 +- + policy/modules/contrib/nslcd.fc | 2 +- + policy/modules/contrib/ntp.fc | 2 +- + policy/modules/contrib/oident.fc | 2 +- + policy/modules/contrib/openvpn.fc | 2 +- + policy/modules/contrib/pads.fc | 2 +- + policy/modules/contrib/pingd.fc | 2 +- + policy/modules/contrib/portreserve.fc | 2 +- + policy/modules/contrib/postfixpolicyd.fc | 2 +- + policy/modules/contrib/postgrey.fc | 2 +- + policy/modules/contrib/ppp.fc | 2 +- + policy/modules/contrib/prelude.fc | 6 +++--- + policy/modules/contrib/privoxy.fc | 2 +- + policy/modules/contrib/psad.fc | 2 +- + policy/modules/contrib/puppet.fc | 4 ++-- + policy/modules/contrib/qpid.fc | 2 +- + policy/modules/contrib/radius.fc | 2 +- + policy/modules/contrib/radvd.fc | 2 +- + policy/modules/contrib/rhsmcertd.fc | 2 +- + policy/modules/contrib/roundup.fc | 2 +- + policy/modules/contrib/rpc.fc | 6 +++--- + policy/modules/contrib/rpcbind.fc | 2 +- + policy/modules/contrib/rwho.fc | 2 +- + policy/modules/contrib/samba.fc | 6 +++--- + policy/modules/contrib/samhain.fc | 2 +- + policy/modules/contrib/sanlock.fc | 2 +- + policy/modules/contrib/sasl.fc | 2 +- + policy/modules/contrib/shorewall.fc | 4 ++-- + policy/modules/contrib/smartmon.fc | 2 +- + policy/modules/contrib/smokeping.fc | 2 +- + policy/modules/contrib/snmp.fc | 4 ++-- + policy/modules/contrib/snort.fc | 2 +- + policy/modules/contrib/soundserver.fc | 2 +- + policy/modules/contrib/squid.fc | 2 +- + policy/modules/contrib/sssd.fc | 2 +- + policy/modules/contrib/tcsd.fc | 2 +- + policy/modules/contrib/tgtd.fc | 2 +- + policy/modules/contrib/tor.fc | 2 +- + policy/modules/contrib/tuned.fc | 2 +- + policy/modules/contrib/ulogd.fc | 2 +- + policy/modules/contrib/uuidd.fc | 2 +- + policy/modules/contrib/varnishd.fc | 6 +++--- + policy/modules/contrib/vhostmd.fc | 2 +- + policy/modules/contrib/virt.fc | 2 +- + policy/modules/contrib/zabbix.fc | 4 ++-- + policy/modules/contrib/zebra.fc | 12 ++++++------ + policy/modules/kernel/corecommands.fc | 2 -- + policy/modules/services/postgresql.fc | 2 +- + policy/modules/system/init.fc | 5 ++--- + policy/modules/system/init.te | 4 ++-- + policy/modules/system/ipsec.fc | 4 ++-- + policy/modules/system/iptables.fc | 4 ++-- + policy/modules/system/logging.fc | 4 ++-- + policy/modules/system/setrans.fc | 2 +- + 110 files changed, 153 insertions(+), 163 deletions(-) + +diff --git a/policy/modules/contrib/abrt.fc b/policy/modules/contrib/abrt.fc +index 1bd5812..7661412 100644 +--- a/policy/modules/contrib/abrt.fc ++++ b/policy/modules/contrib/abrt.fc +@@ -1,5 +1,5 @@ + /etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0) +-/etc/rc\.d/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0) ++/etc/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0) + + /usr/bin/abrt-pyhook-helper -- gen_context(system_u:object_r:abrt_helper_exec_t,s0) + +diff --git a/policy/modules/contrib/afs.fc b/policy/modules/contrib/afs.fc +index eaea138..d3c74fe 100644 +--- a/policy/modules/contrib/afs.fc ++++ b/policy/modules/contrib/afs.fc +@@ -1,5 +1,5 @@ +-/etc/rc\.d/init\.d/openafs-client -- gen_context(system_u:object_r:afs_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/afs -- gen_context(system_u:object_r:afs_initrc_exec_t,s0) ++/etc/init\.d/openafs-client -- gen_context(system_u:object_r:afs_initrc_exec_t,s0) ++/etc/init\.d/afs -- gen_context(system_u:object_r:afs_initrc_exec_t,s0) + + /usr/afs/bin/bosserver -- gen_context(system_u:object_r:afs_bosserver_exec_t,s0) + /usr/afs/bin/fileserver -- gen_context(system_u:object_r:afs_fsserver_exec_t,s0) +diff --git a/policy/modules/contrib/aiccu.fc b/policy/modules/contrib/aiccu.fc +index 069518f..dd130c0 100644 +--- a/policy/modules/contrib/aiccu.fc ++++ b/policy/modules/contrib/aiccu.fc +@@ -1,5 +1,5 @@ + /etc/aiccu.conf -- gen_context(system_u:object_r:aiccu_etc_t,s0) +-/etc/rc\.d/init\.d/aiccu -- gen_context(system_u:object_r:aiccu_initrc_exec_t,s0) ++/etc/init\.d/aiccu -- gen_context(system_u:object_r:aiccu_initrc_exec_t,s0) + + /usr/sbin/aiccu -- gen_context(system_u:object_r:aiccu_exec_t,s0) + +diff --git a/policy/modules/contrib/aisexec.fc b/policy/modules/contrib/aisexec.fc +index 7b4f4b9..5fcf0f0 100644 +--- a/policy/modules/contrib/aisexec.fc ++++ b/policy/modules/contrib/aisexec.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/openais -- gen_context(system_u:object_r:aisexec_initrc_exec_t,s0) ++/etc/init\.d/openais -- gen_context(system_u:object_r:aisexec_initrc_exec_t,s0) + + /usr/sbin/aisexec -- gen_context(system_u:object_r:aisexec_exec_t,s0) + +diff --git a/policy/modules/contrib/amavis.fc b/policy/modules/contrib/amavis.fc +index 3b66910..506f69f 100644 +--- a/policy/modules/contrib/amavis.fc ++++ b/policy/modules/contrib/amavis.fc +@@ -1,7 +1,7 @@ + + /etc/amavis(d)?\.conf -- gen_context(system_u:object_r:amavis_etc_t,s0) + /etc/amavisd(/.*)? gen_context(system_u:object_r:amavis_etc_t,s0) +-/etc/rc\.d/init\.d/amavis -- gen_context(system_u:object_r:amavis_initrc_exec_t,s0) ++/etc/init\.d/amavis -- gen_context(system_u:object_r:amavis_initrc_exec_t,s0) + + /usr/sbin/amavisd.* -- gen_context(system_u:object_r:amavis_exec_t,s0) + /usr/lib(64)?/AntiVir/antivir -- gen_context(system_u:object_r:amavis_exec_t,s0) +diff --git a/policy/modules/contrib/apache.fc b/policy/modules/contrib/apache.fc +index 9e39aa5..8a528e1 100644 +--- a/policy/modules/contrib/apache.fc ++++ b/policy/modules/contrib/apache.fc +@@ -10,8 +10,8 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u + /etc/httpd/modules gen_context(system_u:object_r:httpd_modules_t,s0) + /etc/lighttpd(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) + /etc/mock/koji(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) +-/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/lighttpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) ++/etc/init\.d/httpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) ++/etc/init\.d/lighttpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) + + /etc/vhosts -- gen_context(system_u:object_r:httpd_config_t,s0) + /etc/zabbix/web(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) +diff --git a/policy/modules/contrib/apcupsd.fc b/policy/modules/contrib/apcupsd.fc +index cd07b96..8cab4f9 100644 +--- a/policy/modules/contrib/apcupsd.fc ++++ b/policy/modules/contrib/apcupsd.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0) ++/etc/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0) + + /sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0) + +diff --git a/policy/modules/contrib/arpwatch.fc b/policy/modules/contrib/arpwatch.fc +index a86a6c7..8630d3e 100644 +--- a/policy/modules/contrib/arpwatch.fc ++++ b/policy/modules/contrib/arpwatch.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0) ++/etc/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/asterisk.fc b/policy/modules/contrib/asterisk.fc +index b4889d4..dfa4a21 100644 +--- a/policy/modules/contrib/asterisk.fc ++++ b/policy/modules/contrib/asterisk.fc +@@ -1,5 +1,5 @@ + /etc/asterisk(/.*)? gen_context(system_u:object_r:asterisk_etc_t,s0) +-/etc/rc\.d/init\.d/asterisk -- gen_context(system_u:object_r:asterisk_initrc_exec_t,s0) ++/etc/init\.d/asterisk -- gen_context(system_u:object_r:asterisk_initrc_exec_t,s0) + + /usr/sbin/asterisk -- gen_context(system_u:object_r:asterisk_exec_t,s0) + +diff --git a/policy/modules/contrib/automount.fc b/policy/modules/contrib/automount.fc +index f16ab68..da0eb61 100644 +--- a/policy/modules/contrib/automount.fc ++++ b/policy/modules/contrib/automount.fc +@@ -2,7 +2,7 @@ + # /etc + # + /etc/apm/event\.d/autofs -- gen_context(system_u:object_r:automount_exec_t,s0) +-/etc/rc\.d/init\.d/autofs -- gen_context(system_u:object_r:automount_initrc_exec_t,s0) ++/etc/init\.d/autofs -- gen_context(system_u:object_r:automount_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/avahi.fc b/policy/modules/contrib/avahi.fc +index 7e36549..3a54343 100644 +--- a/policy/modules/contrib/avahi.fc ++++ b/policy/modules/contrib/avahi.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0) ++/etc/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0) + + /usr/sbin/avahi-daemon -- gen_context(system_u:object_r:avahi_exec_t,s0) + /usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0) +diff --git a/policy/modules/contrib/bind.fc b/policy/modules/contrib/bind.fc +index 59aa54f..7048407 100644 +--- a/policy/modules/contrib/bind.fc ++++ b/policy/modules/contrib/bind.fc +@@ -1,5 +1,5 @@ +-/etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/unbound -- gen_context(system_u:object_r:named_initrc_exec_t,s0) ++/etc/init\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0) ++/etc/init\.d/unbound -- gen_context(system_u:object_r:named_initrc_exec_t,s0) + + /etc/rndc.* -- gen_context(system_u:object_r:named_conf_t,s0) + /etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0) +diff --git a/policy/modules/contrib/bitlbee.fc b/policy/modules/contrib/bitlbee.fc +index 0197980..f302014 100644 +--- a/policy/modules/contrib/bitlbee.fc ++++ b/policy/modules/contrib/bitlbee.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/bitlbee -- gen_context(system_u:object_r:bitlbee_initrc_exec_t,s0) ++/etc/init\.d/bitlbee -- gen_context(system_u:object_r:bitlbee_initrc_exec_t,s0) + /etc/bitlbee(/.*)? gen_context(system_u:object_r:bitlbee_conf_t,s0) + + /usr/sbin/bitlbee -- gen_context(system_u:object_r:bitlbee_exec_t,s0) +diff --git a/policy/modules/contrib/bluetooth.fc b/policy/modules/contrib/bluetooth.fc +index dc687e6..6a935c6 100644 +--- a/policy/modules/contrib/bluetooth.fc ++++ b/policy/modules/contrib/bluetooth.fc +@@ -3,9 +3,9 @@ + # + /etc/bluetooth(/.*)? gen_context(system_u:object_r:bluetooth_conf_t,s0) + /etc/bluetooth/link_key gen_context(system_u:object_r:bluetooth_conf_rw_t,s0) +-/etc/rc\.d/init\.d/bluetooth -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/dund -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/pand -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0) ++/etc/init\.d/bluetooth -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0) ++/etc/init\.d/dund -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0) ++/etc/init\.d/pand -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/canna.fc b/policy/modules/contrib/canna.fc +index 5432d0e..3ee5d32 100644 +--- a/policy/modules/contrib/canna.fc ++++ b/policy/modules/contrib/canna.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/canna -- gen_context(system_u:object_r:canna_initrc_exec_t,s0) ++/etc/init\.d/canna -- gen_context(system_u:object_r:canna_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/certmaster.fc b/policy/modules/contrib/certmaster.fc +index 79295d6..62f31c4 100644 +--- a/policy/modules/contrib/certmaster.fc ++++ b/policy/modules/contrib/certmaster.fc +@@ -1,5 +1,5 @@ + /etc/certmaster(/.*)? gen_context(system_u:object_r:certmaster_etc_rw_t,s0) +-/etc/rc\.d/init\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0) ++/etc/init\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0) + + /usr/bin/certmaster -- gen_context(system_u:object_r:certmaster_exec_t,s0) + +diff --git a/policy/modules/contrib/certmonger.fc b/policy/modules/contrib/certmonger.fc +index 5ad1a52..364d6ea 100644 +--- a/policy/modules/contrib/certmonger.fc ++++ b/policy/modules/contrib/certmonger.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/certmonger -- gen_context(system_u:object_r:certmonger_initrc_exec_t,s0) ++/etc/init\.d/certmonger -- gen_context(system_u:object_r:certmonger_initrc_exec_t,s0) + + /usr/sbin/certmonger -- gen_context(system_u:object_r:certmonger_exec_t,s0) + +diff --git a/policy/modules/contrib/cgroup.fc b/policy/modules/contrib/cgroup.fc +index b6bb46c..b719601 100644 +--- a/policy/modules/contrib/cgroup.fc ++++ b/policy/modules/contrib/cgroup.fc +@@ -4,8 +4,8 @@ + /etc/sysconfig/cgconfig -- gen_context(system_u:object_r:cgconfig_etc_t,s0) + /etc/sysconfig/cgred.conf -- gen_context(system_u:object_r:cgrules_etc_t,s0) + +-/etc/rc\.d/init\.d/cgconfig -- gen_context(system_u:object_r:cgconfig_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/cgred -- gen_context(system_u:object_r:cgred_initrc_exec_t,s0) ++/etc/init\.d/cgconfig -- gen_context(system_u:object_r:cgconfig_initrc_exec_t,s0) ++/etc/init\.d/cgred -- gen_context(system_u:object_r:cgred_initrc_exec_t,s0) + + /sbin/cgconfigparser -- gen_context(system_u:object_r:cgconfig_exec_t,s0) + /sbin/cgrulesengd -- gen_context(system_u:object_r:cgred_exec_t,s0) +diff --git a/policy/modules/contrib/chronyd.fc b/policy/modules/contrib/chronyd.fc +index fd8cd0b..27117fb 100644 +--- a/policy/modules/contrib/chronyd.fc ++++ b/policy/modules/contrib/chronyd.fc +@@ -1,6 +1,6 @@ + /etc/chrony\.keys -- gen_context(system_u:object_r:chronyd_keys_t,s0) + +-/etc/rc\.d/init\.d/chronyd -- gen_context(system_u:object_r:chronyd_initrc_exec_t,s0) ++/etc/init\.d/chronyd -- gen_context(system_u:object_r:chronyd_initrc_exec_t,s0) + + /usr/sbin/chronyd -- gen_context(system_u:object_r:chronyd_exec_t,s0) + +diff --git a/policy/modules/contrib/clamav.fc b/policy/modules/contrib/clamav.fc +index e8e9a21..ae7a9af 100644 +--- a/policy/modules/contrib/clamav.fc ++++ b/policy/modules/contrib/clamav.fc +@@ -1,5 +1,5 @@ + /etc/clamav(/.*)? gen_context(system_u:object_r:clamd_etc_t,s0) +-/etc/rc\.d/init\.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_initrc_exec_t,s0) ++/etc/init\.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_initrc_exec_t,s0) + + /usr/bin/clamscan -- gen_context(system_u:object_r:clamscan_exec_t,s0) + /usr/bin/clamdscan -- gen_context(system_u:object_r:clamscan_exec_t,s0) +diff --git a/policy/modules/contrib/cmirrord.fc b/policy/modules/contrib/cmirrord.fc +index 049e2b6..3b646e7 100644 +--- a/policy/modules/contrib/cmirrord.fc ++++ b/policy/modules/contrib/cmirrord.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/cmirrord -- gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0) ++/etc/init\.d/cmirrord -- gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0) + + /usr/sbin/cmirrord -- gen_context(system_u:object_r:cmirrord_exec_t,s0) + +diff --git a/policy/modules/contrib/cobbler.fc b/policy/modules/contrib/cobbler.fc +index 1cf6c4e..0911c4a 100644 +--- a/policy/modules/contrib/cobbler.fc ++++ b/policy/modules/contrib/cobbler.fc +@@ -1,5 +1,5 @@ + /etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0) +-/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0) ++/etc/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0) + + /usr/bin/cobblerd -- gen_context(system_u:object_r:cobblerd_exec_t, s0) + +diff --git a/policy/modules/contrib/corosync.fc b/policy/modules/contrib/corosync.fc +index 3a6d7eb..499b877 100644 +--- a/policy/modules/contrib/corosync.fc ++++ b/policy/modules/contrib/corosync.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/corosync -- gen_context(system_u:object_r:corosync_initrc_exec_t,s0) ++/etc/init\.d/corosync -- gen_context(system_u:object_r:corosync_initrc_exec_t,s0) + + /usr/sbin/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0) + +diff --git a/policy/modules/contrib/cron.fc b/policy/modules/contrib/cron.fc +index 3559a05..e4f36d2 100644 +--- a/policy/modules/contrib/cron.fc ++++ b/policy/modules/contrib/cron.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/atd -- gen_context(system_u:object_r:crond_initrc_exec_t,s0) ++/etc/init\.d/atd -- gen_context(system_u:object_r:crond_initrc_exec_t,s0) + + /etc/cron\.d(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0) + /etc/crontab -- gen_context(system_u:object_r:system_cron_spool_t,s0) +diff --git a/policy/modules/contrib/cups.fc b/policy/modules/contrib/cups.fc +index 1b492ed..5296a37 100644 +--- a/policy/modules/contrib/cups.fc ++++ b/policy/modules/contrib/cups.fc +@@ -11,7 +11,7 @@ + /etc/cups/subscriptions.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) + /etc/cups/certs -d gen_context(system_u:object_r:cupsd_rw_etc_t,s0) + /etc/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) +-/etc/rc\.d/init\.d/cups -- gen_context(system_u:object_r:cupsd_initrc_exec_t,s0) ++/etc/init\.d/cups -- gen_context(system_u:object_r:cupsd_initrc_exec_t,s0) + + /etc/cups/interfaces(/.*)? gen_context(system_u:object_r:cupsd_interface_t,s0) + +diff --git a/policy/modules/contrib/cyrus.fc b/policy/modules/contrib/cyrus.fc +index 25546bc..390aa97 100644 +--- a/policy/modules/contrib/cyrus.fc ++++ b/policy/modules/contrib/cyrus.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/cyrus -- gen_context(system_u:object_r:cyrus_initrc_exec_t,s0) ++/etc/init\.d/cyrus -- gen_context(system_u:object_r:cyrus_initrc_exec_t,s0) + + /usr/lib(64)?/cyrus/master -- gen_context(system_u:object_r:cyrus_exec_t,s0) + /usr/lib(64)?/cyrus-imapd/cyrus-master -- gen_context(system_u:object_r:cyrus_exec_t,s0) +diff --git a/policy/modules/contrib/ddclient.fc b/policy/modules/contrib/ddclient.fc +index 083c135..0943d1f 100644 +--- a/policy/modules/contrib/ddclient.fc ++++ b/policy/modules/contrib/ddclient.fc +@@ -1,6 +1,6 @@ + /etc/ddclient\.conf -- gen_context(system_u:object_r:ddclient_etc_t,s0) + /etc/ddtcd\.conf -- gen_context(system_u:object_r:ddclient_etc_t,s0) +-/etc/rc\.d/init\.d/ddclient -- gen_context(system_u:object_r:ddclient_initrc_exec_t,s0) ++/etc/init\.d/ddclient -- gen_context(system_u:object_r:ddclient_initrc_exec_t,s0) + + /usr/sbin/ddclient -- gen_context(system_u:object_r:ddclient_exec_t,s0) + /usr/sbin/ddtcd -- gen_context(system_u:object_r:ddclient_exec_t,s0) +diff --git a/policy/modules/contrib/denyhosts.fc b/policy/modules/contrib/denyhosts.fc +index 257fef6..99f81a4 100644 +--- a/policy/modules/contrib/denyhosts.fc ++++ b/policy/modules/contrib/denyhosts.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/denyhosts -- gen_context(system_u:object_r:denyhosts_initrc_exec_t,s0) ++/etc/init\.d/denyhosts -- gen_context(system_u:object_r:denyhosts_initrc_exec_t,s0) + + /usr/bin/denyhosts\.py -- gen_context(system_u:object_r:denyhosts_exec_t,s0) + +diff --git a/policy/modules/contrib/dhcp.fc b/policy/modules/contrib/dhcp.fc +index 767e0c7..75aedae 100644 +--- a/policy/modules/contrib/dhcp.fc ++++ b/policy/modules/contrib/dhcp.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/dhcpd -- gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0) ++/etc/init\.d/dhcpd -- gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0) + + /usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0) + +diff --git a/policy/modules/contrib/dictd.fc b/policy/modules/contrib/dictd.fc +index 54f88c8..f2abcad 100644 +--- a/policy/modules/contrib/dictd.fc ++++ b/policy/modules/contrib/dictd.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/dictd -- gen_context(system_u:object_r:dictd_initrc_exec_t,s0) ++/etc/init\.d/dictd -- gen_context(system_u:object_r:dictd_initrc_exec_t,s0) + + /etc/dictd\.conf -- gen_context(system_u:object_r:dictd_etc_t,s0) + +diff --git a/policy/modules/contrib/dnsmasq.fc b/policy/modules/contrib/dnsmasq.fc +index b886676..5156a75 100644 +--- a/policy/modules/contrib/dnsmasq.fc ++++ b/policy/modules/contrib/dnsmasq.fc +@@ -1,5 +1,5 @@ + /etc/dnsmasq\.conf -- gen_context(system_u:object_r:dnsmasq_etc_t, s0) +-/etc/rc\.d/init\.d/dnsmasq -- gen_context(system_u:object_r:dnsmasq_initrc_exec_t,s0) ++/etc/init\.d/dnsmasq -- gen_context(system_u:object_r:dnsmasq_initrc_exec_t,s0) + + /usr/sbin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0) + +diff --git a/policy/modules/contrib/dovecot.fc b/policy/modules/contrib/dovecot.fc +index 3a3ecb2..df878f7 100644 +--- a/policy/modules/contrib/dovecot.fc ++++ b/policy/modules/contrib/dovecot.fc +@@ -7,7 +7,7 @@ + /etc/dovecot\.passwd.* gen_context(system_u:object_r:dovecot_passwd_t,s0) + + /etc/pki/dovecot(/.*)? gen_context(system_u:object_r:dovecot_cert_t,s0) +-/etc/rc\.d/init\.d/dovecot -- gen_context(system_u:object_r:dovecot_initrc_exec_t,s0) ++/etc/init\.d/dovecot -- gen_context(system_u:object_r:dovecot_initrc_exec_t,s0) + + # Debian uses /etc/dovecot/ + ifdef(`distro_debian',` +diff --git a/policy/modules/contrib/fail2ban.fc b/policy/modules/contrib/fail2ban.fc +index 0de2b83..bac352b 100644 +--- a/policy/modules/contrib/fail2ban.fc ++++ b/policy/modules/contrib/fail2ban.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0) ++/etc/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0) + + /usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0) + /usr/bin/fail2ban-server -- gen_context(system_u:object_r:fail2ban_exec_t,s0) +diff --git a/policy/modules/contrib/ftp.fc b/policy/modules/contrib/ftp.fc +index 69dcd2a..d5e2f41 100644 +--- a/policy/modules/contrib/ftp.fc ++++ b/policy/modules/contrib/ftp.fc +@@ -3,8 +3,8 @@ + # + /etc/proftpd\.conf -- gen_context(system_u:object_r:ftpd_etc_t,s0) + /etc/cron\.monthly/proftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) +-/etc/rc\.d/init\.d/vsftpd -- gen_context(system_u:object_r:ftpd_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/proftpd -- gen_context(system_u:object_r:ftpd_initrc_exec_t,s0) ++/etc/init\.d/vsftpd -- gen_context(system_u:object_r:ftpd_initrc_exec_t,s0) ++/etc/init\.d/proftpd -- gen_context(system_u:object_r:ftpd_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/glance.fc b/policy/modules/contrib/glance.fc +index ed3528d..8dc0e2e 100644 +--- a/policy/modules/contrib/glance.fc ++++ b/policy/modules/contrib/glance.fc +@@ -1,6 +1,6 @@ +-/etc/rc\.d/init\.d/openstack-glance-api -- gen_context(system_u:object_r:glance_api_initrc_exec_t,s0) ++/etc/init\.d/openstack-glance-api -- gen_context(system_u:object_r:glance_api_initrc_exec_t,s0) + +-/etc/rc\.d/init\.d/openstack-glance-registry -- gen_context(system_u:object_r:glance_registry_initrc_exec_t,s0) ++/etc/init\.d/openstack-glance-registry -- gen_context(system_u:object_r:glance_registry_initrc_exec_t,s0) + + /usr/bin/glance-api -- gen_context(system_u:object_r:glance_api_exec_t,s0) + /usr/bin/glance-registry -- gen_context(system_u:object_r:glance_registry_exec_t,s0) +diff --git a/policy/modules/contrib/gpsd.fc b/policy/modules/contrib/gpsd.fc +index 5e81e33..5dc42e0 100644 +--- a/policy/modules/contrib/gpsd.fc ++++ b/policy/modules/contrib/gpsd.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0) ++/etc/init\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0) + + /usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0) + +diff --git a/policy/modules/contrib/hadoop.fc b/policy/modules/contrib/hadoop.fc +index 633c470..dc02c13 100644 +--- a/policy/modules/contrib/hadoop.fc ++++ b/policy/modules/contrib/hadoop.fc +@@ -7,13 +7,6 @@ + /etc/init\.d/hadoop-(.*-)?tasktracker -- gen_context(system_u:object_r:hadoop_tasktracker_initrc_exec_t,s0) + /etc/init\.d/zookeeper -- gen_context(system_u:object_r:zookeeper_server_initrc_exec_t,s0) + +-/etc/rc\.d/init\.d/hadoop-(.*-)?datanode -- gen_context(system_u:object_r:hadoop_datanode_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/hadoop-(.*-)?jobtracker -- gen_context(system_u:object_r:hadoop_jobtracker_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/hadoop-(.*-)?namenode -- gen_context(system_u:object_r:hadoop_namenode_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/hadoop-(.*-)?secondarynamenode -- gen_context(system_u:object_r:hadoop_secondarynamenode_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/hadoop-(.*-)?tasktracker -- gen_context(system_u:object_r:hadoop_tasktracker_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/hadoop-zookeeper -- gen_context(system_u:object_r:zookeeper_server_initrc_exec_t,s0) +- + /etc/zookeeper(/.*)? gen_context(system_u:object_r:zookeeper_etc_t,s0) + /etc/zookeeper\.dist(/.*)? gen_context(system_u:object_r:zookeeper_etc_t,s0) + +diff --git a/policy/modules/contrib/hddtemp.fc b/policy/modules/contrib/hddtemp.fc +index 1676612..974c301 100644 +--- a/policy/modules/contrib/hddtemp.fc ++++ b/policy/modules/contrib/hddtemp.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/hddtemp -- gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0) ++/etc/init\.d/hddtemp -- gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0) + + /etc/sysconfig/hddtemp -- gen_context(system_u:object_r:hddtemp_etc_t,s0) + +diff --git a/policy/modules/contrib/icecast.fc b/policy/modules/contrib/icecast.fc +index a81e090..3ee6b19 100644 +--- a/policy/modules/contrib/icecast.fc ++++ b/policy/modules/contrib/icecast.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/icecast -- gen_context(system_u:object_r:icecast_initrc_exec_t,s0) ++/etc/init\.d/icecast -- gen_context(system_u:object_r:icecast_initrc_exec_t,s0) + + /usr/bin/icecast -- gen_context(system_u:object_r:icecast_exec_t,s0) + +diff --git a/policy/modules/contrib/ifplugd.fc b/policy/modules/contrib/ifplugd.fc +index 2eda96f..5430948 100644 +--- a/policy/modules/contrib/ifplugd.fc ++++ b/policy/modules/contrib/ifplugd.fc +@@ -1,6 +1,6 @@ + /etc/ifplugd(/.*)? gen_context(system_u:object_r:ifplugd_etc_t,s0) + +-/etc/rc\.d/init\.d/ifplugd -- gen_context(system_u:object_r:ifplugd_initrc_exec_t,s0) ++/etc/init\.d/ifplugd -- gen_context(system_u:object_r:ifplugd_initrc_exec_t,s0) + + /usr/sbin/ifplugd -- gen_context(system_u:object_r:ifplugd_exec_t,s0) + +diff --git a/policy/modules/contrib/inn.fc b/policy/modules/contrib/inn.fc +index 8ca038d..1c11006 100644 +--- a/policy/modules/contrib/inn.fc ++++ b/policy/modules/contrib/inn.fc +@@ -4,7 +4,7 @@ + # + /etc/news(/.*)? gen_context(system_u:object_r:innd_etc_t,s0) + /etc/news/boot -- gen_context(system_u:object_r:innd_exec_t,s0) +-/etc/rc\.d/init\.d/innd -- gen_context(system_u:object_r:innd_initrc_exec_t,s0) ++/etc/init\.d/innd -- gen_context(system_u:object_r:innd_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/jabber.fc b/policy/modules/contrib/jabber.fc +index da6f4b4..e27b77f 100644 +--- a/policy/modules/contrib/jabber.fc ++++ b/policy/modules/contrib/jabber.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/jabber -- gen_context(system_u:object_r:jabberd_initrc_exec_t,s0) ++/etc/init\.d/jabber -- gen_context(system_u:object_r:jabberd_initrc_exec_t,s0) + + /usr/sbin/ejabberd -- gen_context(system_u:object_r:jabberd_exec_t,s0) + /usr/sbin/jabberd -- gen_context(system_u:object_r:jabberd_exec_t,s0) +diff --git a/policy/modules/contrib/kdump.fc b/policy/modules/contrib/kdump.fc +index c66934f..21ea646 100644 +--- a/policy/modules/contrib/kdump.fc ++++ b/policy/modules/contrib/kdump.fc +@@ -1,5 +1,5 @@ + /etc/kdump\.conf -- gen_context(system_u:object_r:kdump_etc_t,s0) +-/etc/rc\.d/init\.d/kdump -- gen_context(system_u:object_r:kdump_initrc_exec_t,s0) ++/etc/init\.d/kdump -- gen_context(system_u:object_r:kdump_initrc_exec_t,s0) + + /sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0) + /sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0) +diff --git a/policy/modules/contrib/kerberos.fc b/policy/modules/contrib/kerberos.fc +index 3525d24..1331079 100644 +--- a/policy/modules/contrib/kerberos.fc ++++ b/policy/modules/contrib/kerberos.fc +@@ -8,10 +8,10 @@ HOME_DIR/\.k5login -- gen_context(system_u:object_r:krb5_home_t,s0) + /etc/krb5kdc/kadm5\.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0) + /etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0) + +-/etc/rc\.d/init\.d/kadmind -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/kprop -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/krb524d -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) ++/etc/init\.d/kadmind -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) ++/etc/init\.d/kprop -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) ++/etc/init\.d/krb524d -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) ++/etc/init\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) + + /usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0) + /usr/(local/)?(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0) +diff --git a/policy/modules/contrib/kerneloops.fc b/policy/modules/contrib/kerneloops.fc +index 5ef261a..adc4cdc 100644 +--- a/policy/modules/contrib/kerneloops.fc ++++ b/policy/modules/contrib/kerneloops.fc +@@ -1,3 +1,3 @@ +-/etc/rc\.d/init\.d/kerneloops -- gen_context(system_u:object_r:kerneloops_initrc_exec_t,s0) ++/etc/init\.d/kerneloops -- gen_context(system_u:object_r:kerneloops_initrc_exec_t,s0) + + /usr/sbin/kerneloops -- gen_context(system_u:object_r:kerneloops_exec_t,s0) +diff --git a/policy/modules/contrib/ksmtuned.fc b/policy/modules/contrib/ksmtuned.fc +index 9c0c835..d129dfb 100644 +--- a/policy/modules/contrib/ksmtuned.fc ++++ b/policy/modules/contrib/ksmtuned.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/ksmtuned -- gen_context(system_u:object_r:ksmtuned_initrc_exec_t,s0) ++/etc/init\.d/ksmtuned -- gen_context(system_u:object_r:ksmtuned_initrc_exec_t,s0) + + /usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0) + +diff --git a/policy/modules/contrib/ldap.fc b/policy/modules/contrib/ldap.fc +index c62f23e..589e3fd 100644 +--- a/policy/modules/contrib/ldap.fc ++++ b/policy/modules/contrib/ldap.fc +@@ -1,6 +1,6 @@ + + /etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0) +-/etc/rc\.d/init\.d/ldap -- gen_context(system_u:object_r:slapd_initrc_exec_t,s0) ++/etc/init\.d/ldap -- gen_context(system_u:object_r:slapd_initrc_exec_t,s0) + + /usr/sbin/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) + +diff --git a/policy/modules/contrib/likewise.fc b/policy/modules/contrib/likewise.fc +index 057a4e4..a42c46a 100644 +--- a/policy/modules/contrib/likewise.fc ++++ b/policy/modules/contrib/likewise.fc +@@ -2,14 +2,14 @@ + /etc/likewise-open/.pstore.lock -- gen_context(system_u:object_r:likewise_pstore_lock_t,s0) + /etc/likewise-open/likewise-krb5-ad.conf -- gen_context(system_u:object_r:likewise_krb5_ad_t,s0) + +-/etc/rc\.d/init\.d/dcerpcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/eventlogd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/lsassd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/lwiod -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/lwregd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/lwsmd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/netlogond -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/srvsvcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/init\.d/dcerpcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/init\.d/eventlogd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/init\.d/lsassd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/init\.d/lwiod -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/init\.d/lwregd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/init\.d/lwsmd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/init\.d/netlogond -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/init\.d/srvsvcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) + + /usr/sbin/dcerpcd -- gen_context(system_u:object_r:dcerpcd_exec_t,s0) + /usr/sbin/eventlogd -- gen_context(system_u:object_r:eventlogd_exec_t,s0) +diff --git a/policy/modules/contrib/lircd.fc b/policy/modules/contrib/lircd.fc +index 49e04e5..501a11f 100644 +--- a/policy/modules/contrib/lircd.fc ++++ b/policy/modules/contrib/lircd.fc +@@ -1,6 +1,6 @@ + /dev/lircd -s gen_context(system_u:object_r:lircd_sock_t,s0) + +-/etc/rc\.d/init\.d/lirc -- gen_context(system_u:object_r:lircd_initrc_exec_t,s0) ++/etc/init\.d/lirc -- gen_context(system_u:object_r:lircd_initrc_exec_t,s0) + /etc/lircd\.conf -- gen_context(system_u:object_r:lircd_etc_t,s0) + + /usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0) +diff --git a/policy/modules/contrib/memcached.fc b/policy/modules/contrib/memcached.fc +index 4d69477..b814405 100644 +--- a/policy/modules/contrib/memcached.fc ++++ b/policy/modules/contrib/memcached.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/memcached -- gen_context(system_u:object_r:memcached_initrc_exec_t,s0) ++/etc/init\.d/memcached -- gen_context(system_u:object_r:memcached_initrc_exec_t,s0) + + /usr/bin/memcached -- gen_context(system_u:object_r:memcached_exec_t,s0) + +diff --git a/policy/modules/contrib/mpd.fc b/policy/modules/contrib/mpd.fc +index ddc14d6..dfffdf3 100644 +--- a/policy/modules/contrib/mpd.fc ++++ b/policy/modules/contrib/mpd.fc +@@ -1,5 +1,5 @@ + /etc/mpd\.conf -- gen_context(system_u:object_r:mpd_etc_t,s0) +-/etc/rc\.d/init\.d/mpd -- gen_context(system_u:object_r:mpd_initrc_exec_t,s0) ++/etc/init\.d/mpd -- gen_context(system_u:object_r:mpd_initrc_exec_t,s0) + + /usr/bin/mpd -- gen_context(system_u:object_r:mpd_exec_t,s0) + +diff --git a/policy/modules/contrib/munin.fc b/policy/modules/contrib/munin.fc +index fd71d69..3ab97af 100644 +--- a/policy/modules/contrib/munin.fc ++++ b/policy/modules/contrib/munin.fc +@@ -1,5 +1,5 @@ + /etc/munin(/.*)? gen_context(system_u:object_r:munin_etc_t,s0) +-/etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0) ++/etc/init\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0) + + /usr/bin/munin-.* -- gen_context(system_u:object_r:munin_exec_t,s0) + /usr/sbin/munin-.* -- gen_context(system_u:object_r:munin_exec_t,s0) +diff --git a/policy/modules/contrib/mysql.fc b/policy/modules/contrib/mysql.fc +index 716d666..bba693d 100644 +--- a/policy/modules/contrib/mysql.fc ++++ b/policy/modules/contrib/mysql.fc +@@ -5,8 +5,8 @@ + # + /etc/my\.cnf -- gen_context(system_u:object_r:mysqld_etc_t,s0) + /etc/mysql(/.*)? gen_context(system_u:object_r:mysqld_etc_t,s0) +-/etc/rc\.d/init\.d/mysqld -- gen_context(system_u:object_r:mysqld_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_initrc_exec_t,s0) ++/etc/init\.d/mysqld -- gen_context(system_u:object_r:mysqld_initrc_exec_t,s0) ++/etc/init\.d/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/nagios.fc b/policy/modules/contrib/nagios.fc +index 1fc9905..00cb5cb 100644 +--- a/policy/modules/contrib/nagios.fc ++++ b/policy/modules/contrib/nagios.fc +@@ -1,7 +1,7 @@ + /etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0) + /etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0) +-/etc/rc\.d/init\.d/nagios -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/nrpe -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) ++/etc/init\.d/nagios -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) ++/etc/init\.d/nrpe -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) + + /usr/s?bin/nagios -- gen_context(system_u:object_r:nagios_exec_t,s0) + /usr/s?bin/nrpe -- gen_context(system_u:object_r:nrpe_exec_t,s0) +diff --git a/policy/modules/contrib/networkmanager.fc b/policy/modules/contrib/networkmanager.fc +index 386543b..50e0faa 100644 +--- a/policy/modules/contrib/networkmanager.fc ++++ b/policy/modules/contrib/networkmanager.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0) ++/etc/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0) + + /etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0) + +diff --git a/policy/modules/contrib/nis.fc b/policy/modules/contrib/nis.fc +index 15448d5..f7d6f6f 100644 +--- a/policy/modules/contrib/nis.fc ++++ b/policy/modules/contrib/nis.fc +@@ -1,7 +1,7 @@ +-/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/yppasswd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/ypserv -- gen_context(system_u:object_r:nis_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/ypxfrd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0) ++/etc/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0) ++/etc/init\.d/yppasswd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0) ++/etc/init\.d/ypserv -- gen_context(system_u:object_r:nis_initrc_exec_t,s0) ++/etc/init\.d/ypxfrd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0) + /etc/ypserv\.conf -- gen_context(system_u:object_r:ypserv_conf_t,s0) + + /sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0) +diff --git a/policy/modules/contrib/nscd.fc b/policy/modules/contrib/nscd.fc +index 623b731..6089dda 100644 +--- a/policy/modules/contrib/nscd.fc ++++ b/policy/modules/contrib/nscd.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/nscd -- gen_context(system_u:object_r:nscd_initrc_exec_t,s0) ++/etc/init\.d/nscd -- gen_context(system_u:object_r:nscd_initrc_exec_t,s0) + + /usr/sbin/nscd -- gen_context(system_u:object_r:nscd_exec_t,s0) + +diff --git a/policy/modules/contrib/nslcd.fc b/policy/modules/contrib/nslcd.fc +index ce913b2..1f6e4c0 100644 +--- a/policy/modules/contrib/nslcd.fc ++++ b/policy/modules/contrib/nslcd.fc +@@ -1,4 +1,4 @@ + /etc/nss-ldapd.conf -- gen_context(system_u:object_r:nslcd_conf_t,s0) +-/etc/rc\.d/init\.d/nslcd -- gen_context(system_u:object_r:nslcd_initrc_exec_t,s0) ++/etc/init\.d/nslcd -- gen_context(system_u:object_r:nslcd_initrc_exec_t,s0) + /usr/sbin/nslcd -- gen_context(system_u:object_r:nslcd_exec_t,s0) + /var/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0) +diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc +index e79dccc..d609a67 100644 +--- a/policy/modules/contrib/ntp.fc ++++ b/policy/modules/contrib/ntp.fc +@@ -8,7 +8,7 @@ + /etc/ntp/keys -- gen_context(system_u:object_r:ntpd_key_t,s0) + /etc/ntp/step-tickers.* -- gen_context(system_u:object_r:net_conf_t,s0) + +-/etc/rc\.d/init\.d/ntpd -- gen_context(system_u:object_r:ntpd_initrc_exec_t,s0) ++/etc/init\.d/ntpd -- gen_context(system_u:object_r:ntpd_initrc_exec_t,s0) + + /usr/sbin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0) + /usr/sbin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0) +diff --git a/policy/modules/contrib/oident.fc b/policy/modules/contrib/oident.fc +index 5840ea8..3eb8272 100644 +--- a/policy/modules/contrib/oident.fc ++++ b/policy/modules/contrib/oident.fc +@@ -3,6 +3,6 @@ HOME_DIR/\.oidentd.conf gen_context(system_u:object_r:oidentd_home_t, s0) + /etc/oidentd\.conf -- gen_context(system_u:object_r:oidentd_config_t, s0) + /etc/oidentd_masq\.conf -- gen_context(system_u:object_r:oidentd_config_t, s0) + +-/etc/rc\.d/init\.d/oidentd -- gen_context(system_u:object_r:oidentd_initrc_exec_t, s0) ++/etc/init\.d/oidentd -- gen_context(system_u:object_r:oidentd_initrc_exec_t, s0) + + /usr/sbin/oidentd -- gen_context(system_u:object_r:oidentd_exec_t, s0) +diff --git a/policy/modules/contrib/openvpn.fc b/policy/modules/contrib/openvpn.fc +index 1c1086e..3fafedf 100644 +--- a/policy/modules/contrib/openvpn.fc ++++ b/policy/modules/contrib/openvpn.fc +@@ -3,7 +3,7 @@ + # + /etc/openvpn(/.*)? gen_context(system_u:object_r:openvpn_etc_t,s0) + /etc/openvpn/ipp.txt -- gen_context(system_u:object_r:openvpn_etc_rw_t,s0) +-/etc/rc\.d/init\.d/openvpn -- gen_context(system_u:object_r:openvpn_initrc_exec_t,s0) ++/etc/init\.d/openvpn -- gen_context(system_u:object_r:openvpn_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/pads.fc b/policy/modules/contrib/pads.fc +index 0870c56..fcedae0 100644 +--- a/policy/modules/contrib/pads.fc ++++ b/policy/modules/contrib/pads.fc +@@ -3,7 +3,7 @@ + /etc/pads.conf -- gen_context(system_u:object_r:pads_config_t, s0) + /etc/pads-assets.csv -- gen_context(system_u:object_r:pads_config_t, s0) + +-/etc/rc\.d/init\.d/pads -- gen_context(system_u:object_r:pads_initrc_exec_t, s0) ++/etc/init\.d/pads -- gen_context(system_u:object_r:pads_initrc_exec_t, s0) + + /usr/bin/pads -- gen_context(system_u:object_r:pads_exec_t, s0) + +diff --git a/policy/modules/contrib/pingd.fc b/policy/modules/contrib/pingd.fc +index ea085f7..55aee6d 100644 +--- a/policy/modules/contrib/pingd.fc ++++ b/policy/modules/contrib/pingd.fc +@@ -1,5 +1,5 @@ + /etc/pingd.conf -- gen_context(system_u:object_r:pingd_etc_t,s0) +-/etc/rc\.d/init\.d/whatsup-pingd -- gen_context(system_u:object_r:pingd_initrc_exec_t,s0) ++/etc/init\.d/whatsup-pingd -- gen_context(system_u:object_r:pingd_initrc_exec_t,s0) + + /usr/lib/pingd(/.*)? gen_context(system_u:object_r:pingd_modules_t,s0) + +diff --git a/policy/modules/contrib/portreserve.fc b/policy/modules/contrib/portreserve.fc +index 4313a6f..3164dfb 100644 +--- a/policy/modules/contrib/portreserve.fc ++++ b/policy/modules/contrib/portreserve.fc +@@ -1,6 +1,6 @@ + /etc/portreserve(/.*)? gen_context(system_u:object_r:portreserve_etc_t,s0) + +-/etc/rc\.d/init\.d/portreserve -- gen_context(system_u:object_r:portreserve_initrc_exec_t,s0) ++/etc/init\.d/portreserve -- gen_context(system_u:object_r:portreserve_initrc_exec_t,s0) + + /sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0) + +diff --git a/policy/modules/contrib/postfixpolicyd.fc b/policy/modules/contrib/postfixpolicyd.fc +index 4361cb6..87ba723 100644 +--- a/policy/modules/contrib/postfixpolicyd.fc ++++ b/policy/modules/contrib/postfixpolicyd.fc +@@ -1,5 +1,5 @@ + /etc/policyd.conf -- gen_context(system_u:object_r:postfix_policyd_conf_t, s0) +-/etc/rc\.d/init\.d/postfixpolicyd -- gen_context(system_u:object_r:postfix_policyd_initrc_exec_t,s0) ++/etc/init\.d/postfixpolicyd -- gen_context(system_u:object_r:postfix_policyd_initrc_exec_t,s0) + + /usr/sbin/policyd -- gen_context(system_u:object_r:postfix_policyd_exec_t, s0) + +diff --git a/policy/modules/contrib/postgrey.fc b/policy/modules/contrib/postgrey.fc +index e731841..757c507 100644 +--- a/policy/modules/contrib/postgrey.fc ++++ b/policy/modules/contrib/postgrey.fc +@@ -1,6 +1,6 @@ + + /etc/postgrey(/.*)? gen_context(system_u:object_r:postgrey_etc_t,s0) +-/etc/rc\.d/init\.d/postgrey -- gen_context(system_u:object_r:postgrey_initrc_exec_t,s0) ++/etc/init\.d/postgrey -- gen_context(system_u:object_r:postgrey_initrc_exec_t,s0) + + /usr/sbin/postgrey -- gen_context(system_u:object_r:postgrey_exec_t,s0) + +diff --git a/policy/modules/contrib/ppp.fc b/policy/modules/contrib/ppp.fc +index 2d82c6d..f3e40ce 100644 +--- a/policy/modules/contrib/ppp.fc ++++ b/policy/modules/contrib/ppp.fc +@@ -1,7 +1,7 @@ + # + # /etc + # +-/etc/rc\.d/init\.d/ppp -- gen_context(system_u:object_r:pppd_initrc_exec_t,s0) ++/etc/init\.d/ppp -- gen_context(system_u:object_r:pppd_initrc_exec_t,s0) + + /etc/ppp -d gen_context(system_u:object_r:pppd_etc_t,s0) + /etc/ppp(/.*)? -- gen_context(system_u:object_r:pppd_etc_rw_t,s0) +diff --git a/policy/modules/contrib/prelude.fc b/policy/modules/contrib/prelude.fc +index 3bd847a..6dc169c 100644 +--- a/policy/modules/contrib/prelude.fc ++++ b/policy/modules/contrib/prelude.fc +@@ -1,7 +1,7 @@ + /etc/prelude-correlator(/.*)? gen_context(system_u:object_r:prelude_correlator_config_t, s0) +-/etc/rc\.d/init\.d/prelude-correlator -- gen_context(system_u:object_r:prelude_initrc_exec_t, s0) +-/etc/rc\.d/init\.d/prelude-lml -- gen_context(system_u:object_r:prelude_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/prelude-manager -- gen_context(system_u:object_r:prelude_initrc_exec_t,s0) ++/etc/init\.d/prelude-correlator -- gen_context(system_u:object_r:prelude_initrc_exec_t, s0) ++/etc/init\.d/prelude-lml -- gen_context(system_u:object_r:prelude_initrc_exec_t,s0) ++/etc/init\.d/prelude-manager -- gen_context(system_u:object_r:prelude_initrc_exec_t,s0) + + /sbin/audisp-prelude -- gen_context(system_u:object_r:prelude_audisp_exec_t,s0) + +diff --git a/policy/modules/contrib/privoxy.fc b/policy/modules/contrib/privoxy.fc +index be4998a..5bbba5c 100644 +--- a/policy/modules/contrib/privoxy.fc ++++ b/policy/modules/contrib/privoxy.fc +@@ -1,5 +1,5 @@ + /etc/privoxy/[^/]*\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0) +-/etc/rc\.d/init\.d/privoxy -- gen_context(system_u:object_r:privoxy_initrc_exec_t,s0) ++/etc/init\.d/privoxy -- gen_context(system_u:object_r:privoxy_initrc_exec_t,s0) + + /usr/sbin/privoxy -- gen_context(system_u:object_r:privoxy_exec_t,s0) + +diff --git a/policy/modules/contrib/psad.fc b/policy/modules/contrib/psad.fc +index 6c66d44..fa18b23 100644 +--- a/policy/modules/contrib/psad.fc ++++ b/policy/modules/contrib/psad.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/psad -- gen_context(system_u:object_r:psad_initrc_exec_t,s0) ++/etc/init\.d/psad -- gen_context(system_u:object_r:psad_initrc_exec_t,s0) + /etc/psad(/.*)? gen_context(system_u:object_r:psad_etc_t,s0) + + /usr/sbin/psad -- gen_context(system_u:object_r:psad_exec_t,s0) +diff --git a/policy/modules/contrib/puppet.fc b/policy/modules/contrib/puppet.fc +index 2f1e529..978e99b 100644 +--- a/policy/modules/contrib/puppet.fc ++++ b/policy/modules/contrib/puppet.fc +@@ -1,7 +1,7 @@ + /etc/puppet(/.*)? gen_context(system_u:object_r:puppet_etc_t,s0) + +-/etc/rc\.d/init\.d/puppet -- gen_context(system_u:object_r:puppet_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/puppetmaster -- gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0) ++/etc/init\.d/puppet -- gen_context(system_u:object_r:puppet_initrc_exec_t,s0) ++/etc/init\.d/puppetmaster -- gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0) + + /usr/sbin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0) + /usr/sbin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0) +diff --git a/policy/modules/contrib/qpid.fc b/policy/modules/contrib/qpid.fc +index 4f94229..77389a5 100644 +--- a/policy/modules/contrib/qpid.fc ++++ b/policy/modules/contrib/qpid.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/qpidd -- gen_context(system_u:object_r:qpidd_initrc_exec_t,s0) ++/etc/init\.d/qpidd -- gen_context(system_u:object_r:qpidd_initrc_exec_t,s0) + + /usr/sbin/qpidd -- gen_context(system_u:object_r:qpidd_exec_t,s0) + +diff --git a/policy/modules/contrib/radius.fc b/policy/modules/contrib/radius.fc +index 09f7b50..a37d318 100644 +--- a/policy/modules/contrib/radius.fc ++++ b/policy/modules/contrib/radius.fc +@@ -1,7 +1,7 @@ + + /etc/cron\.(daily|monthly)/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0) + /etc/cron\.(daily|weekly|monthly)/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0) +-/etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radiusd_initrc_exec_t,s0) ++/etc/init\.d/radiusd -- gen_context(system_u:object_r:radiusd_initrc_exec_t,s0) + + /etc/raddb(/.*)? gen_context(system_u:object_r:radiusd_etc_t,s0) + /etc/raddb/db\.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0) +diff --git a/policy/modules/contrib/radvd.fc b/policy/modules/contrib/radvd.fc +index cc98d83..245b5e1 100644 +--- a/policy/modules/contrib/radvd.fc ++++ b/policy/modules/contrib/radvd.fc +@@ -1,5 +1,5 @@ + /etc/radvd\.conf -- gen_context(system_u:object_r:radvd_etc_t,s0) +-/etc/rc\.d/init\.d/radvd -- gen_context(system_u:object_r:radvd_initrc_exec_t,s0) ++/etc/init\.d/radvd -- gen_context(system_u:object_r:radvd_initrc_exec_t,s0) + + /usr/sbin/radvd -- gen_context(system_u:object_r:radvd_exec_t,s0) + +diff --git a/policy/modules/contrib/rhsmcertd.fc b/policy/modules/contrib/rhsmcertd.fc +index c7add8b..53fecf0 100644 +--- a/policy/modules/contrib/rhsmcertd.fc ++++ b/policy/modules/contrib/rhsmcertd.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/rhsmcertd -- gen_context(system_u:object_r:rhsmcertd_initrc_exec_t,s0) ++/etc/init\.d/rhsmcertd -- gen_context(system_u:object_r:rhsmcertd_initrc_exec_t,s0) + + /usr/bin/rhsmcertd -- gen_context(system_u:object_r:rhsmcertd_exec_t,s0) + +diff --git a/policy/modules/contrib/roundup.fc b/policy/modules/contrib/roundup.fc +index e4110e6..c0c72f0 100644 +--- a/policy/modules/contrib/roundup.fc ++++ b/policy/modules/contrib/roundup.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/roundup -- gen_context(system_u:object_r:roundup_initrc_exec_t,s0) ++/etc/init\.d/roundup -- gen_context(system_u:object_r:roundup_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/rpc.fc b/policy/modules/contrib/rpc.fc +index 4dd92d8..c60eef4 100644 +--- a/policy/modules/contrib/rpc.fc ++++ b/policy/modules/contrib/rpc.fc +@@ -2,9 +2,9 @@ + # /etc + # + /etc/exports -- gen_context(system_u:object_r:exports_t,s0) +-/etc/rc\.d/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/nfslock -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/rpcidmapd -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) ++/etc/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) ++/etc/init\.d/nfslock -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) ++/etc/init\.d/rpcidmapd -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) + + # + # /sbin +diff --git a/policy/modules/contrib/rpcbind.fc b/policy/modules/contrib/rpcbind.fc +index 3cd9e62..605f726 100644 +--- a/policy/modules/contrib/rpcbind.fc ++++ b/policy/modules/contrib/rpcbind.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/rpcbind -- gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0) ++/etc/init\.d/rpcbind -- gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0) + + /usr/sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0) + +diff --git a/policy/modules/contrib/rwho.fc b/policy/modules/contrib/rwho.fc +index bc048ce..a2a09ad 100644 +--- a/policy/modules/contrib/rwho.fc ++++ b/policy/modules/contrib/rwho.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/rwhod -- gen_context(system_u:object_r:rwho_initrc_exec_t,s0) ++/etc/init\.d/rwhod -- gen_context(system_u:object_r:rwho_initrc_exec_t,s0) + + /usr/sbin/rwhod -- gen_context(system_u:object_r:rwho_exec_t,s0) + +diff --git a/policy/modules/contrib/samba.fc b/policy/modules/contrib/samba.fc +index 69a6074..67cb3c3 100644 +--- a/policy/modules/contrib/samba.fc ++++ b/policy/modules/contrib/samba.fc +@@ -2,9 +2,9 @@ + # + # /etc + # +-/etc/rc\.d/init\.d/nmb -- gen_context(system_u:object_r:samba_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/smb -- gen_context(system_u:object_r:samba_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/winbind -- gen_context(system_u:object_r:samba_initrc_exec_t,s0) ++/etc/init\.d/nmb -- gen_context(system_u:object_r:samba_initrc_exec_t,s0) ++/etc/init\.d/smb -- gen_context(system_u:object_r:samba_initrc_exec_t,s0) ++/etc/init\.d/winbind -- gen_context(system_u:object_r:samba_initrc_exec_t,s0) + /etc/samba/MACHINE\.SID -- gen_context(system_u:object_r:samba_secrets_t,s0) + /etc/samba/passdb\.tdb -- gen_context(system_u:object_r:samba_secrets_t,s0) + /etc/samba/secrets\.tdb -- gen_context(system_u:object_r:samba_secrets_t,s0) +diff --git a/policy/modules/contrib/samhain.fc b/policy/modules/contrib/samhain.fc +index 94b2f73..636a07b 100644 +--- a/policy/modules/contrib/samhain.fc ++++ b/policy/modules/contrib/samhain.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/samhain -- gen_context(system_u:object_r:samhain_initrc_exec_t,s0) ++/etc/init\.d/samhain -- gen_context(system_u:object_r:samhain_initrc_exec_t,s0) + + /etc/samhainrc -- gen_context(system_u:object_r:samhain_etc_t,mls_systemhigh) + +diff --git a/policy/modules/contrib/sanlock.fc b/policy/modules/contrib/sanlock.fc +index 5d1826c..e5d2044 100644 +--- a/policy/modules/contrib/sanlock.fc ++++ b/policy/modules/contrib/sanlock.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/sanlock -- gen_context(system_u:object_r:sanlock_initrc_exec_t,s0) ++/etc/init\.d/sanlock -- gen_context(system_u:object_r:sanlock_initrc_exec_t,s0) + + /var/run/sanlock(/.*)? gen_context(system_u:object_r:sanlock_var_run_t,s0) + +diff --git a/policy/modules/contrib/sasl.fc b/policy/modules/contrib/sasl.fc +index 7e58679..2bfbf1c 100644 +--- a/policy/modules/contrib/sasl.fc ++++ b/policy/modules/contrib/sasl.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/sasl -- gen_context(system_u:object_r:saslauthd_initrc_exec_t,s0) ++/etc/init\.d/sasl -- gen_context(system_u:object_r:saslauthd_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/shorewall.fc b/policy/modules/contrib/shorewall.fc +index 48d1363..62b3ab9 100644 +--- a/policy/modules/contrib/shorewall.fc ++++ b/policy/modules/contrib/shorewall.fc +@@ -1,5 +1,5 @@ +-/etc/rc\.d/init\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/shorewall-lite -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0) ++/etc/init\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0) ++/etc/init\.d/shorewall-lite -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0) + + /etc/shorewall(/.*)? gen_context(system_u:object_r:shorewall_etc_t,s0) + /etc/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_etc_t,s0) +diff --git a/policy/modules/contrib/smartmon.fc b/policy/modules/contrib/smartmon.fc +index 268ae3d..4c83a67 100644 +--- a/policy/modules/contrib/smartmon.fc ++++ b/policy/modules/contrib/smartmon.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/smartd -- gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0) ++/etc/init\.d/smartd -- gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/smokeping.fc b/policy/modules/contrib/smokeping.fc +index 9ff2d99..2cc9547 100644 +--- a/policy/modules/contrib/smokeping.fc ++++ b/policy/modules/contrib/smokeping.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/smokeping -- gen_context(system_u:object_r:smokeping_initrc_exec_t,s0) ++/etc/init\.d/smokeping -- gen_context(system_u:object_r:smokeping_initrc_exec_t,s0) + + /usr/sbin/smokeping -- gen_context(system_u:object_r:smokeping_exec_t,s0) + +diff --git a/policy/modules/contrib/snmp.fc b/policy/modules/contrib/snmp.fc +index 623c8fa..cd82bf8 100644 +--- a/policy/modules/contrib/snmp.fc ++++ b/policy/modules/contrib/snmp.fc +@@ -1,5 +1,5 @@ +-/etc/rc\.d/init\.d/snmpd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/snmptrapd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) ++/etc/init\.d/snmpd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) ++/etc/init\.d/snmptrapd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) + + # + # /usr +diff --git a/policy/modules/contrib/snort.fc b/policy/modules/contrib/snort.fc +index 7bedd2f..47c24ae 100644 +--- a/policy/modules/contrib/snort.fc ++++ b/policy/modules/contrib/snort.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/snortd -- gen_context(system_u:object_r:snort_initrc_exec_t,s0) ++/etc/init\.d/snortd -- gen_context(system_u:object_r:snort_initrc_exec_t,s0) + /etc/snort(/.*)? gen_context(system_u:object_r:snort_etc_t,s0) + + /usr/s?bin/snort -- gen_context(system_u:object_r:snort_exec_t,s0) +diff --git a/policy/modules/contrib/soundserver.fc b/policy/modules/contrib/soundserver.fc +index d89b2cb..70c407f 100644 +--- a/policy/modules/contrib/soundserver.fc ++++ b/policy/modules/contrib/soundserver.fc +@@ -1,5 +1,5 @@ + /etc/nas(/.*)? gen_context(system_u:object_r:soundd_etc_t,s0) +-/etc/rc\.d/init\.d/nasd -- gen_context(system_u:object_r:soundd_initrc_exec_t,s0) ++/etc/init\.d/nasd -- gen_context(system_u:object_r:soundd_initrc_exec_t,s0) + /etc/yiff(/.*)? gen_context(system_u:object_r:soundd_etc_t,s0) + + /usr/bin/nasd -- gen_context(system_u:object_r:soundd_exec_t,s0) +diff --git a/policy/modules/contrib/squid.fc b/policy/modules/contrib/squid.fc +index 6cc4a90..84afb28 100644 +--- a/policy/modules/contrib/squid.fc ++++ b/policy/modules/contrib/squid.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/squid -- gen_context(system_u:object_r:squid_initrc_exec_t,s0) ++/etc/init\.d/squid -- gen_context(system_u:object_r:squid_initrc_exec_t,s0) + /etc/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0) + + /usr/lib/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0) +diff --git a/policy/modules/contrib/sssd.fc b/policy/modules/contrib/sssd.fc +index 4271815..f752f40 100644 +--- a/policy/modules/contrib/sssd.fc ++++ b/policy/modules/contrib/sssd.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0) ++/etc/init\.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0) + + /usr/sbin/sssd -- gen_context(system_u:object_r:sssd_exec_t,s0) + +diff --git a/policy/modules/contrib/tcsd.fc b/policy/modules/contrib/tcsd.fc +index 1a6527c..f3f9c69 100644 +--- a/policy/modules/contrib/tcsd.fc ++++ b/policy/modules/contrib/tcsd.fc +@@ -1,3 +1,3 @@ +-/etc/rc\.d/init\.d/tcsd -- gen_context(system_u:object_r:tcsd_initrc_exec_t,s0) ++/etc/init\.d/tcsd -- gen_context(system_u:object_r:tcsd_initrc_exec_t,s0) + /usr/sbin/tcsd -- gen_context(system_u:object_r:tcsd_exec_t,s0) + /var/lib/tpm(/.*)? gen_context(system_u:object_r:tcsd_var_lib_t,s0) +diff --git a/policy/modules/contrib/tgtd.fc b/policy/modules/contrib/tgtd.fc +index 8294f6f..5cdb3b4 100644 +--- a/policy/modules/contrib/tgtd.fc ++++ b/policy/modules/contrib/tgtd.fc +@@ -1,3 +1,3 @@ +-/etc/rc\.d/init\.d/tgtd -- gen_context(system_u:object_r:tgtd_initrc_exec_t,s0) ++/etc/init\.d/tgtd -- gen_context(system_u:object_r:tgtd_initrc_exec_t,s0) + /usr/sbin/tgtd -- gen_context(system_u:object_r:tgtd_exec_t,s0) + /var/lib/tgtd(/.*)? gen_context(system_u:object_r:tgtd_var_lib_t,s0) +diff --git a/policy/modules/contrib/tor.fc b/policy/modules/contrib/tor.fc +index e2e06b2..54a1b70 100644 +--- a/policy/modules/contrib/tor.fc ++++ b/policy/modules/contrib/tor.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/tor -- gen_context(system_u:object_r:tor_initrc_exec_t,s0) ++/etc/init\.d/tor -- gen_context(system_u:object_r:tor_initrc_exec_t,s0) + /etc/tor(/.*)? gen_context(system_u:object_r:tor_etc_t,s0) + + /usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) +diff --git a/policy/modules/contrib/tuned.fc b/policy/modules/contrib/tuned.fc +index 639c962..36bd64b 100644 +--- a/policy/modules/contrib/tuned.fc ++++ b/policy/modules/contrib/tuned.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/tuned -- gen_context(system_u:object_r:tuned_initrc_exec_t,s0) ++/etc/init\.d/tuned -- gen_context(system_u:object_r:tuned_initrc_exec_t,s0) + + /usr/sbin/tuned -- gen_context(system_u:object_r:tuned_exec_t,s0) + +diff --git a/policy/modules/contrib/ulogd.fc b/policy/modules/contrib/ulogd.fc +index 831b4a3..c80abaa 100644 +--- a/policy/modules/contrib/ulogd.fc ++++ b/policy/modules/contrib/ulogd.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/ulogd -- gen_context(system_u:object_r:ulogd_initrc_exec_t,s0) ++/etc/init\.d/ulogd -- gen_context(system_u:object_r:ulogd_initrc_exec_t,s0) + /etc/ulogd.conf -- gen_context(system_u:object_r:ulogd_etc_t,s0) + + /usr/lib/ulogd(/.*)? gen_context(system_u:object_r:ulogd_modules_t,s0) +diff --git a/policy/modules/contrib/uuidd.fc b/policy/modules/contrib/uuidd.fc +index a7c9381..ea1f21a 100644 +--- a/policy/modules/contrib/uuidd.fc ++++ b/policy/modules/contrib/uuidd.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/uuidd -- gen_context(system_u:object_r:uuidd_initrc_exec_t,s0) ++/etc/init\.d/uuidd -- gen_context(system_u:object_r:uuidd_initrc_exec_t,s0) + + /usr/sbin/uuidd -- gen_context(system_u:object_r:uuidd_exec_t,s0) + +diff --git a/policy/modules/contrib/varnishd.fc b/policy/modules/contrib/varnishd.fc +index 194d123..1bea69e 100644 +--- a/policy/modules/contrib/varnishd.fc ++++ b/policy/modules/contrib/varnishd.fc +@@ -1,6 +1,6 @@ +-/etc/rc\.d/init\.d/varnish -- gen_context(system_u:object_r:varnishd_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/varnishlog -- gen_context(system_u:object_r:varnishlog_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/varnishncsa -- gen_context(system_u:object_r:varnishlog_initrc_exec_t,s0) ++/etc/init\.d/varnish -- gen_context(system_u:object_r:varnishd_initrc_exec_t,s0) ++/etc/init\.d/varnishlog -- gen_context(system_u:object_r:varnishlog_initrc_exec_t,s0) ++/etc/init\.d/varnishncsa -- gen_context(system_u:object_r:varnishlog_initrc_exec_t,s0) + + /etc/varnish(/.*)? gen_context(system_u:object_r:varnishd_etc_t,s0) + +diff --git a/policy/modules/contrib/vhostmd.fc b/policy/modules/contrib/vhostmd.fc +index c1fb329..a927997 100644 +--- a/policy/modules/contrib/vhostmd.fc ++++ b/policy/modules/contrib/vhostmd.fc +@@ -1,4 +1,4 @@ +-/etc/rc.d/init.d/vhostmd -- gen_context(system_u:object_r:vhostmd_initrc_exec_t,s0) ++/etc/init.d/vhostmd -- gen_context(system_u:object_r:vhostmd_initrc_exec_t,s0) + + /usr/sbin/vhostmd -- gen_context(system_u:object_r:vhostmd_exec_t,s0) + +diff --git a/policy/modules/contrib/virt.fc b/policy/modules/contrib/virt.fc +index 2124b6a..636ffad 100644 +--- a/policy/modules/contrib/virt.fc ++++ b/policy/modules/contrib/virt.fc +@@ -6,7 +6,7 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t + /etc/libvirt/[^/]* -- gen_context(system_u:object_r:virt_etc_t,s0) + /etc/libvirt/[^/]* -d gen_context(system_u:object_r:virt_etc_rw_t,s0) + /etc/libvirt/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0) +-/etc/rc\.d/init\.d/libvirtd -- gen_context(system_u:object_r:virtd_initrc_exec_t,s0) ++/etc/init\.d/libvirtd -- gen_context(system_u:object_r:virtd_initrc_exec_t,s0) + /etc/xen -d gen_context(system_u:object_r:virt_etc_t,s0) + /etc/xen/[^/]* -- gen_context(system_u:object_r:virt_etc_t,s0) + /etc/xen/[^/]* -d gen_context(system_u:object_r:virt_etc_rw_t,s0) +diff --git a/policy/modules/contrib/zabbix.fc b/policy/modules/contrib/zabbix.fc +index aa5a521..88b98da 100644 +--- a/policy/modules/contrib/zabbix.fc ++++ b/policy/modules/contrib/zabbix.fc +@@ -1,5 +1,5 @@ +-/etc/rc\.d/init\.d/zabbix -- gen_context(system_u:object_r:zabbix_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/zabbix-agentd -- gen_context(system_u:object_r:zabbix_agent_initrc_exec_t,s0) ++/etc/init\.d/zabbix -- gen_context(system_u:object_r:zabbix_initrc_exec_t,s0) ++/etc/init\.d/zabbix-agentd -- gen_context(system_u:object_r:zabbix_agent_initrc_exec_t,s0) + + /usr/(s)?bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0) + /usr/(s)?bin/zabbix_agentd -- gen_context(system_u:object_r:zabbix_agent_exec_t,s0) +diff --git a/policy/modules/contrib/zebra.fc b/policy/modules/contrib/zebra.fc +index e1b30b2..10c1164 100644 +--- a/policy/modules/contrib/zebra.fc ++++ b/policy/modules/contrib/zebra.fc +@@ -1,9 +1,9 @@ +-/etc/rc\.d/init\.d/bgpd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/ospf6d -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/ospfd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/ripd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/ripngd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/zebra -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/init\.d/bgpd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/init\.d/ospf6d -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/init\.d/ospfd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/init\.d/ripd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/init\.d/ripngd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/init\.d/zebra -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) + + /usr/sbin/bgpd -- gen_context(system_u:object_r:zebra_exec_t,s0) + /usr/sbin/zebra -- gen_context(system_u:object_r:zebra_exec_t,s0) +diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc +index 9eb091a..66b4ecb 100644 +--- a/policy/modules/kernel/corecommands.fc ++++ b/policy/modules/kernel/corecommands.fc +@@ -96,8 +96,6 @@ ifdef(`distro_redhat',` + + /etc/racoon/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0) + +-/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0) +- + /etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0) + + /etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0) +diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc +index f03fad4..c342bf3 100644 +--- a/policy/modules/services/postgresql.fc ++++ b/policy/modules/services/postgresql.fc +@@ -2,7 +2,7 @@ + # /etc + # + /etc/postgresql(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0) +-/etc/rc\.d/init\.d/(se)?postgresql -- gen_context(system_u:object_r:postgresql_initrc_exec_t,s0) ++/etc/init\.d/(se)?postgresql -- gen_context(system_u:object_r:postgresql_initrc_exec_t,s0) + /etc/sysconfig/pgsql(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0) + + # +diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc +index d4d7489..ca55704 100644 +--- a/policy/modules/system/init.fc ++++ b/policy/modules/system/init.fc +@@ -3,10 +3,9 @@ + # + /etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) + +-/etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0) +-/etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0) ++/etc/init\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0) ++/etc/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0) + +-/etc/rc\.d/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) + /etc/sysconfig/network-scripts/ifup-ipsec -- gen_context(system_u:object_r:initrc_exec_t,s0) + + /etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0) +diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te +index b7fcbe3..1e6e6a8 100644 +--- a/policy/modules/system/init.te ++++ b/policy/modules/system/init.te +@@ -534,7 +534,7 @@ ifdef(`distro_redhat',` + ') + + optional_policy(` +- #for /etc/rc.d/init.d/nfs to create /etc/exports ++ #for /etc/init.d/nfs to create /etc/exports + rpc_write_exports(initrc_t) + rpc_manage_nfs_state_data(initrc_t) + ') +@@ -691,7 +691,7 @@ optional_policy(` + # This is needed to permit chown to read /var/spool/lpd/lp. + # This is opens up security more than necessary; this means that ANYTHING + # running in the initrc_t domain can read the printer spool directory. +- # Perhaps executing /etc/rc.d/init.d/lpd should transition ++ # Perhaps executing /etc/init.d/lpd should transition + # to domain lpd_t, instead of waiting for executing lpd. + lpd_list_spool(initrc_t) + +diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc +index fb09b9e..2a15800 100644 +--- a/policy/modules/system/ipsec.fc ++++ b/policy/modules/system/ipsec.fc +@@ -1,5 +1,5 @@ +-/etc/rc\.d/init\.d/ipsec -- gen_context(system_u:object_r:ipsec_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/racoon -- gen_context(system_u:object_r:ipsec_initrc_exec_t,s0) ++/etc/init\.d/ipsec -- gen_context(system_u:object_r:ipsec_initrc_exec_t,s0) ++/etc/init\.d/racoon -- gen_context(system_u:object_r:ipsec_initrc_exec_t,s0) + + /etc/ipsec\.secrets -- gen_context(system_u:object_r:ipsec_key_file_t,s0) + /etc/ipsec\.conf -- gen_context(system_u:object_r:ipsec_conf_file_t,s0) +diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc +index 14cffd2..c63e4f9 100644 +--- a/policy/modules/system/iptables.fc ++++ b/policy/modules/system/iptables.fc +@@ -1,5 +1,5 @@ +-/etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/ebtables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) ++/etc/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) ++/etc/init\.d/ebtables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) + /etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0) + /etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:iptables_conf_t,s0) + +diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc +index 02f4c97..4fe395e 100644 +--- a/policy/modules/system/logging.fc ++++ b/policy/modules/system/logging.fc +@@ -3,8 +3,8 @@ + /etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) + /etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) + /etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh) +-/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0) ++/etc/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0) ++/etc/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0) + + /sbin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0) + /sbin/audisp-remote -- gen_context(system_u:object_r:audisp_remote_exec_t,s0) +diff --git a/policy/modules/system/setrans.fc b/policy/modules/system/setrans.fc +index bea4629..95774bd 100644 +--- a/policy/modules/system/setrans.fc ++++ b/policy/modules/system/setrans.fc +@@ -1,4 +1,4 @@ +-/etc/rc\.d/init\.d/mcstrans -- gen_context(system_u:object_r:setrans_initrc_exec_t,s0) ++/etc/init\.d/mcstrans -- gen_context(system_u:object_r:setrans_initrc_exec_t,s0) + + /sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0) + +-- +1.7.5.4 + diff --git a/recipes-security/refpolicy/refpolicy-2.20120215/poky-fc-update-alternatives_sysvinit.patch b/recipes-security/refpolicy/refpolicy-2.20120215/poky-fc-update-alternatives_sysvinit.patch new file mode 100644 index 0000000..01905ea --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-2.20120215/poky-fc-update-alternatives_sysvinit.patch @@ -0,0 +1,49 @@ +From 11230c7bad442d70484880f59929a6d5cdc8a2e6 Mon Sep 17 00:00:00 2001 +From: Xin Ouyang +Date: Mon, 2 Jul 2012 14:53:21 +0800 +Subject: [PATCH] refpolicy: sysvinit fix. + +--- + policy/modules/contrib/shutdown.fc | 1 + + policy/modules/kernel/corecommands.fc | 1 + + policy/modules/system/init.fc | 1 + + 3 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/contrib/shutdown.fc b/policy/modules/contrib/shutdown.fc +index 97671a3..6cad0fd 100644 +--- a/policy/modules/contrib/shutdown.fc ++++ b/policy/modules/contrib/shutdown.fc +@@ -3,5 +3,6 @@ + /lib/upstart/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0) + + /sbin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0) ++/sbin/shutdown\.sysvinit -- gen_context(system_u:object_r:shutdown_exec_t,s0) + + /var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0) +diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc +index 6590490..9eb091a 100644 +--- a/policy/modules/kernel/corecommands.fc ++++ b/policy/modules/kernel/corecommands.fc +@@ -10,6 +10,7 @@ + /bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0) + /bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0) + /bin/mountpoint -- gen_context(system_u:object_r:bin_t,s0) ++/bin/mountpoint\.sysvinit -- gen_context(system_u:object_r:bin_t,s0) + /bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0) + /bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0) + /bin/yash -- gen_context(system_u:object_r:shell_exec_t,s0) +diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc +index d94bcc3..d4d7489 100644 +--- a/policy/modules/system/init.fc ++++ b/policy/modules/system/init.fc +@@ -34,6 +34,7 @@ ifdef(`distro_gentoo', ` + # /sbin + # + /sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0) ++/sbin/init\.sysvinit -- gen_context(system_u:object_r:init_exec_t,s0) + # because nowadays, /sbin/init is often a symlink to /sbin/upstart + /sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0) + +-- +1.7.5.4 + diff --git a/recipes-security/refpolicy/refpolicy_2.20120215.inc b/recipes-security/refpolicy/refpolicy_2.20120215.inc index e31db64..0069f44 100644 --- a/recipes-security/refpolicy/refpolicy_2.20120215.inc +++ b/recipes-security/refpolicy/refpolicy_2.20120215.inc @@ -2,4 +2,10 @@ SRC_URI = "http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2;" SRC_URI[md5sum] = "618a24cfed3b3ee09084fb2c179de92e" SRC_URI[sha256sum] = "6df77faf62f73bd1f6e3bfca3fa2f77cdfd2cada94a7dcc4816ed9bbcf3545dc" +FILESEXTRAPATHS_prepend := "${THISDIR}/refpolicy-2.20120215:" +SRC_URI += "file://poky-fc-update-alternatives_sysvinit.patch \ + file://poky-fc-etc_init.d.patch \ + file://fix-mount-to-write-mountpoints-dirs.patch \ + " + include refpolicy_common.inc -- cgit v1.2.3-54-g00ecf