From d386950b0d57c67a14501025922d67bc8771545b Mon Sep 17 00:00:00 2001
From: Nicolas Iooss
Date: Thu, 29 Aug 2019 19:57:05 +0200
Subject: [PATCH] Fix use of buggy pattern (.*)?
The pattern "(.*)?" means "match anything including the nothing, or nothing": the question mark is redundant. This is likely to be a mispelling for "(/.*)?", which means "match a slash and anthing, or nothing", or for ".*", or for other patterns.
Signed-off-by: Nicolas Iooss
---
 policy/modules/apps/openoffice.fc | 56 +++++++++++++++---------------
 policy/modules/kernel/devices.fc | 2 +-
 policy/modules/services/apache.fc | 2 +-
 policy/modules/services/dnsmasq.fc | 2 +-
 policy/modules/system/ipsec.fc | 4 +--
 5 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/policy/modules/apps/openoffice.fc b/policy/modules/apps/openoffice.fc
index 6613bb446..c3338e90f 100644
--- a/policy/modules/apps/openoffice.fc
+++ b/policy/modules/apps/openoffice.fc
@@ -1,30 +1,30 @@
 HOME_DIR/\.openoffice(\.org)?(/.*)? gen_context(system_u:object_r:ooffice_home_t,s0)
-/opt/openoffice(.*)?/program/cde-open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/gnome-open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/gnome-open-url\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/javaldx -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/kde-open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/pagein -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/regcomp\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/regmerge -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/regview -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/sbase -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/scalc -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/sdraw -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/senddoc -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/simpress -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/smath -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/soffice -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/soffice\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/spadmin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/spadmin\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/startup\.sh -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/swriter -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/uno\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/unoinfo -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/unopkg -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/unopkg\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/unpack_update -- gen_context(system_u:object_r:ooffice_exec_t,s0)
-/opt/openoffice(.*)?/program/uri-encode -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/cde-open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/gnome-open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/gnome-open-url\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/javaldx -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/kde-open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/pagein -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/regcomp\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/regmerge -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/regview -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/sbase -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/scalc -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/sdraw -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/senddoc -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/simpress -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/smath -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/soffice -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/soffice\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/spadmin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/spadmin\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/startup\.sh -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/swriter -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/uno\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/unoinfo -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/unopkg -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/unopkg\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/unpack_update -- gen_context(system_u:object_r:ooffice_exec_t,s0)
+/opt/openoffice[^/]*/program/uri-encode -- gen_context(system_u:object_r:ooffice_exec_t,s0)
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index 339a41889..49cf8a6d4 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -198,7 +198,7 @@ ifdef(`distro_debian',`
 # if you want to disable udev, you will have to boot permissive and relabel!
 /dev/\.static -d gen_context(system_u:object_r:device_t,s0)
 /dev/\.static/dev -d gen_context(system_u:object_r:device_t,s0)
-/dev/\.static/dev/(.*)? <>
+/dev/\.static/dev/.+ <>
 ')
 /etc/udev/devices -d gen_context(system_u:object_r:device_t,s0)
diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
index aadc41140..28a1ee38e 100644
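Review bot: In policy/modules/apps/openoffice.fc, the new `[^/]*` in all 28 `/opt/openoffice[^/]*/program/...` entries only matches when `program/` sits directly under the `/opt/openoffice*` directory, whereas the old `(.*)?` also crossed `/` and matched deeper layouts. If any supported install nests `program/` one or more levels further down, those executables would silently stop receiving `ooffice_exec_t`, and whatever confinement is keyed on that type would presumably no longer apply to them. Checking the real install paths with `matchpathcon` before and after the change would confirm this; if nesting has to stay supported, a form like `/opt/openoffice[^/]*(/.*)?/program/soffice` keeps it without the redundant `?`. A short comment above the block, for instance `# [^/]* covers only a suffix on the directory name, not sub-directories`, would record the intent.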
--- a/policy/modules/services/apache.fc
+++ b/policy/modules/services/apache.fc
@@ -195,7 +195,7 @@ ifdef(`distro_suse',`
 /var/www/miq/vmdb/log(/.*)? gen_context(system_u:object_r:httpd_sys_ra_content_t,s0)
 /var/www/moodledata(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
 /var/www(/.*)?/nextcloud/config(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-/var/www(/.*)?/nextcloud/data(.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
+/var/www(/.*)?/nextcloud/data(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
 /var/www(/.*)?/nextcloud/apps(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
 /var/www/perl(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
 /var/www/sessions(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
diff --git a/policy/modules/services/dnsmasq.fc b/policy/modules/services/dnsmasq.fc
index 91c18d469..a6d7f115e 100644
--- a/policy/modules/services/dnsmasq.fc
+++ b/policy/modules/services/dnsmasq.fc
@@ -16,4 +16,4 @@
 /var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
 /var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
-/var/log/dnsmasq(.*)?\.log(\..+) -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
+/var/log/dnsmasq.* -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
index 9ff125de2..ddbbc12a6 100644
--- a/policy/modules/system/ipsec.fc
+++ b/policy/modules/system/ipsec.fc
@@ -14,7 +14,7 @@
 /etc/strongswan\.d(/.*)? gen_context(system_u:object_r:ipsec_conf_file_t,s0)
-/etc/swanctl/(.*)? gen_context(system_u:object_r:ipsec_key_file_t,s0)
+/etc/swanctl/.+ gen_context(system_u:object_r:ipsec_key_file_t,s0)
 /etc/swanctl -d gen_context(system_u:object_r:ipsec_conf_file_t,s0)
 /etc/swanctl/swanctl.conf -- gen_context(system_u:object_r:ipsec_conf_file_t,s0)
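Review bot: In policy/modules/services/dnsmasq.fc, the new `/var/log/dnsmasq.*` entry is considerably broader than the line it replaces, because `.` also matches `/` and the `\.log` requirement is gone. Every regular file whose path merely begins with `/var/log/dnsmasq`, including files inside a directory of that name or under an unrelated sibling sharing the prefix, would now be labelled `dnsmasq_var_log_t`. The openoffice entries in this same patch use `[^/]*` to stay within one path component, and `/var/log/dnsmasq[^/]*` would do the same here while still covering rotated logs. Since the label decides which files the daemon's domain is allowed to write, presumably the narrower pattern is what the log naming actually needs.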
@@ -58,6 +58,6 @@
 /var/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
-/run/charon\.(.*)? -- gen_context(system_u:object_r:ipsec_var_run_t,s0)
+/run/charon\.[^/]+ -- gen_context(system_u:object_r:ipsec_var_run_t,s0)
 /run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
 /run/racoon\.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0)