try to fix associations

refpolicy/policy/modules/kernel/bootloader.te

@@ -62,7 +62,7 @@ files_type(system_map_t)
 # cjp: this probably can be removed, I do not
 # think it is used on 2.6 kernels
 type var_log_ksyms_t;
-files_type(var_log_ksyms_t)
+logging_log_file(var_log_ksyms_t)
 
 ########################################
 #

refpolicy/policy/modules/kernel/filesystem.if

@@ -17,6 +17,8 @@ interface(`fs_type',`
 	')
 
 	typeattribute $1 filesystem_type;
+
+	allow $1 self:filesystem associate;
 ')
 
 ########################################

refpolicy/policy/modules/kernel/filesystem.te

@@ -14,7 +14,8 @@ attribute noxattrfs;
 # fs_t is the default type for persistent
 # filesystems with extended attributes
 #
-type fs_t, filesystem_type;
+type fs_t;
+fs_type(fs_t)
 sid fs gen_context(system_u:object_r:fs_t,s0)
 
 # Use xattrs for the following filesystem types.
@@ -37,59 +38,62 @@ fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
 #
 # Non-persistent/pseudo filesystems
 #
-type bdev_t, filesystem_type;
+type bdev_t;
+fs_type(bdev_t)
 genfscon bdev / gen_context(system_u:object_r:bdev_t,s0)
 
-type binfmt_misc_fs_t, filesystem_type;
+type binfmt_misc_fs_t;
+fs_type(binfmt_misc_fs_t)
 files_mountpoint(binfmt_misc_fs_t)
 genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0)
 
-type capifs_t, filesystem_type;
+type capifs_t;
-allow capifs_t self:filesystem associate;
+fs_type(capifs_t)
 genfscon capifs / gen_context(system_u:object_r:capifs_t,s0)
 
-type configfs_t, filesystem_type;
+type configfs_t;
-allow configfs_t self:filesystem associate;
+fs_type(configfs_t)
 genfscon configfs / gen_context(system_u:object_r:configfs_t,s0)
 
-type eventpollfs_t, filesystem_type;
+type eventpollfs_t;
-allow eventpollfs_t self:filesystem associate;
+fs_type(eventpollfs_t)
 genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
 
-type futexfs_t, filesystem_type;
+type futexfs_t;
-allow futexfs_t self:filesystem associate;
+fs_type(futexfs_t)
 genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
 
-type hugetlbfs_t, filesystem_type;
+type hugetlbfs_t;
+fs_type(hugetlbfs_t)
 files_mountpoint(hugetlbfs_t)
-allow hugetlbfs_t self:filesystem associate;
 genfscon hugetlbfs / gen_context(system_u:object_r:hugetlbfs_t,s0)
 
-type inotifyfs_t, filesystem_type;
+type inotifyfs_t;
-allow inotifyfs_t self:filesystem associate;
+fs_type(inotifyfs_t)
 genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)
 
-type nfsd_fs_t, filesystem_type;
+type nfsd_fs_t;
-allow nfsd_fs_t self:filesystem associate;
+fs_type(nfsd_fs_t)
 genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)
 
-type ramfs_t, filesystem_type;
+type ramfs_t;
-allow ramfs_t self:filesystem associate;
+fs_type(ramfs_t)
 genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0)
 
-type romfs_t, filesystem_type;
+type romfs_t;
-allow romfs_t self:filesystem associate;
+fs_type(romfs_t)
 genfscon romfs / gen_context(system_u:object_r:romfs_t,s0)
 genfscon cramfs / gen_context(system_u:object_r:romfs_t,s0)
 
-type rpc_pipefs_t, filesystem_type;
+type rpc_pipefs_t;
-allow rpc_pipefs_t self:filesystem associate;
+fs_type(rpc_pipefs_t)
 genfscon rpc_pipefs / gen_context(system_u:object_r:rpc_pipefs_t,s0)
 
 #
 # tmpfs_t is the type for tmpfs filesystems
 #
-type tmpfs_t, filesystem_type;
+type tmpfs_t;
+fs_type(tmpfs_t)
 files_type(tmpfs_t)
 files_mountpoint(tmpfs_t)
 
@@ -102,15 +106,14 @@ fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0);
 fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0);
 fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
 
-allow tmpfs_t self:filesystem associate;
 allow tmpfs_t noxattrfs:filesystem associate;
 
 ##############################
 #
 # Filesystems without extended attribute support
 #
-type autofs_t, filesystem_type, noxattrfs;
+type autofs_t, noxattrfs;
-allow autofs_t self:filesystem associate;
+fs_type(autofs_t)
 genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
 genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
 
@@ -118,8 +121,8 @@ genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
 # cifs_t is the type for filesystems and their
 # files shared from Windows servers
 #
-type cifs_t alias sambafs_t, filesystem_type, noxattrfs;
+type cifs_t alias sambafs_t, noxattrfs;
-allow cifs_t self:filesystem associate;
+fs_type(cifs_t)
 genfscon cifs / gen_context(system_u:object_r:cifs_t,s0)
 genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
 
@@ -127,8 +130,8 @@ genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
 # dosfs_t is the type for fat and vfat
 # filesystems and their files.
 #
-type dosfs_t, filesystem_type, noxattrfs;
+type dosfs_t, noxattrfs;
-allow dosfs_t self:filesystem associate;
+fs_type(dosfs_t)
 genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
 genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
 genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
@@ -139,15 +142,16 @@ genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
 # and their files.
 #
 type iso9660_t, filesystem_type, noxattrfs;
-allow iso9660_t self:filesystem associate;
+fs_type(iso9660_t)
 genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
 genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
 
 #
 # removable_t is the default type of all removable media
 #
-type removable_t, filesystem_type, noxattrfs;
+type removable_t, noxattrfs;
 allow removable_t noxattrfs:filesystem associate;
+fs_type(removable_t)
 files_config_file(removable_t)
 
 #
@@ -155,8 +159,8 @@ files_config_file(removable_t)
 # and their files.
 #
 type nfs_t, filesystem_type, noxattrfs;
+fs_type(nfs_t)
 files_mountpoint(nfs_t)
-allow nfs_t self:filesystem associate;
 genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
 genfscon afs / gen_context(system_u:object_r:nfs_t,s0)

refpolicy/policy/modules/system/files.te

@@ -123,9 +123,8 @@ fs_associate_noxattr(src_t)
 #
 # tmp_t is the type of the temporary directories
 #
-type tmp_t, file_type, tmpfile, mountpoint; #, polydir
+type tmp_t, mountpoint; #, polydir
-fs_associate(tmp_t)
+files_tmp_file(tmp_t)
-fs_associate_noxattr(tmp_t)
 
 #
 # usr_t is the type for /usr.
@@ -166,6 +165,5 @@ fs_associate_noxattr(var_run_t)
 #
 # var_spool_t is the type of /var/spool
 #
-type var_spool_t, file_type;
+type var_spool_t;
-fs_associate(var_spool_t)
+files_tmp_file(var_spool_t)
-fs_associate_noxattr(var_spool_t)

refpolicy/policy/modules/system/locallogin.te

@@ -19,7 +19,7 @@ type local_login_lock_t;
 files_lock_file(local_login_lock_t)
 
 type local_login_tmp_t;
-files_type(local_login_tmp_t)
+files_tmp_file(local_login_tmp_t)
 
 type sulogin_t;
 type sulogin_exec_t;

refpolicy/policy/modules/system/logging.te

@@ -8,7 +8,7 @@ policy_module(logging,1.0)
 
 attribute logfile;
 
-type auditctl_t; #, privlog;
+type auditctl_t;
 type auditctl_exec_t;
 init_system_domain(auditctl_t,auditctl_exec_t)
 role system_r types auditctl_t;

refpolicy/policy/modules/system/userdomain.te

@@ -56,9 +56,13 @@ ifdef(`targeted_policy',`
 	# User home directory type.
 	type user_home_t alias { staff_home_t sysadm_home_t }, home_type;
 	files_type(user_home_t)
+	files_associate_tmp(user_home_t)
+	fs_associate_tmpfs(user_home_t)
 
 	type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t }, home_dir_type, home_type;
 	files_type(user_home_dir_t)
+	files_associate_tmp(user_home_dir_t)
+	fs_associate_tmpfs(user_home_dir_t)
 
 	unconfined_role(user_r)
 	unconfined_role(sysadm_r)