Move base directories to /var/games

diff --git a/bf1942/bf1942.fc b/bf1942/bf1942.fc
index f174979..f5d215a 100644 (file)
--- a/bf1942/bf1942.fc
+++ b/bf1942/bf1942.fc
@@ -1,6 +1,6 @@
-/etank/games/bf1942/bf1942/serverfiles/bf1942_lnxded.*                 -- gen_context(system_u:object_r:bf1942_exec_t,s0)
-/etank/games/bf1942/bf1942/serverfiles/pb/.*\.so                          gen_context(system_u:object_r:bf1942_exec_t,s0)
-/etank/games/bf1942/bf1942(/.*)?                                          gen_context(system_u:object_r:bf1942_ro_t,s0)
-/etank/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings                gen_context(system_u:object_r:bf1942_rw_t,s0)
-/etank/games/bf1942/bf1942/serverfiles/mods/[^/]+/logs(/.*)?              gen_context(system_u:object_r:bf1942_rw_t,s0)
-/etank/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings/maplist.con    gen_context(system_u:object_r:bf1942_rw_t,s0)
+/var/games/bf1942/bf1942/serverfiles/bf1942_lnxded.*                 -- gen_context(system_u:object_r:bf1942_exec_t,s0)
+/var/games/bf1942/bf1942/serverfiles/pb/.*\.so                          gen_context(system_u:object_r:bf1942_exec_t,s0)
+/var/games/bf1942/bf1942(/.*)?                                          gen_context(system_u:object_r:bf1942_ro_t,s0)
+/var/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings                gen_context(system_u:object_r:bf1942_rw_t,s0)
+/var/games/bf1942/bf1942/serverfiles/mods/[^/]+/logs(/.*)?              gen_context(system_u:object_r:bf1942_rw_t,s0)
+/var/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings/maplist.con    gen_context(system_u:object_r:bf1942_rw_t,s0)

diff --git a/bf1942/bf1942.te b/bf1942/bf1942.te
index f3084c6..d7cd464 100644 (file)
--- a/bf1942/bf1942.te
+++ b/bf1942/bf1942.te
@@ -1,4 +1,8 @@
-policy_module(bf1942, 0.1.6)
+policy_module(bf1942, 0.1.7)
+
+require {
+    type games_data_t;
+}
 
 # File context for the executable process
 type bf1942_t;
@@ -32,3 +36,5 @@ allow bf1942_t self:process execmem;
 
 # The BF1942 binary executes itself
 allow bf1942_t bf1942_exec_t:file execute_no_trans;
+
+list_dirs_pattern(bf1942_t, games_data_t, games_data_t)

diff --git a/cod4/cod4.fc b/cod4/cod4.fc
index 1028463..076a89b 100644 (file)
--- a/cod4/cod4.fc
+++ b/cod4/cod4.fc
@@ -1,6 +1,6 @@
 # /opt/cod4/.+/log(/.*)?        gen_context(system_u:object_r:cod4_rw_t,s0)
-/etank/games/cod4/cod4_lnxded(-bin)?    --      gen_context(system_u:object_r:cod4_exec_t,s0)
-/etank/games/cod4/libstdc\+\+\.so\.6    --      gen_context(system_u:object_r:cod4_exec_t,s0)
-/etank/games/cod4/libgcc_s\.so\.1       --      gen_context(system_u:object_r:cod4_exec_t,s0)
-/etank/games/cod4(/.*)?                         gen_context(system_u:object_r:cod4_ro_t,s0)
-/etank/games/cod4/.callofduty4(/.*)?            gen_context(system_u:object_r:cod4_rw_t,s0)
+/var/games/cod4/cod4_lnxded(-bin)?    --      gen_context(system_u:object_r:cod4_exec_t,s0)
+/var/games/cod4/libstdc\+\+\.so\.6    --      gen_context(system_u:object_r:cod4_exec_t,s0)
+/var/games/cod4/libgcc_s\.so\.1       --      gen_context(system_u:object_r:cod4_exec_t,s0)
+/var/games/cod4(/.*)?                         gen_context(system_u:object_r:cod4_ro_t,s0)
+/var/games/cod4/.callofduty4(/.*)?            gen_context(system_u:object_r:cod4_rw_t,s0)

diff --git a/cod4/cod4.te b/cod4/cod4.te
index 17885b6..bc833ab 100644 (file)
--- a/cod4/cod4.te
+++ b/cod4/cod4.te
@@ -1,4 +1,8 @@
-policy_module(cod4, 0.1.33)
+policy_module(cod4, 0.1.38)
+
+require {
+    type games_data_t;
+}
 
 # File context for the executable process
 type cod4_t;
@@ -27,3 +31,5 @@ setattr_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
 sysnet_dns_name_resolve(cod4_t)
 
 allow init_t cod4_t:process { noatsecure };
+
+list_dirs_pattern(cod4_t, games_data_t, games_data_t)

diff --git a/q3a/q3a.fc b/q3a/q3a.fc
index a1c0178..43b0a21 100644 (file)
--- a/q3a/q3a.fc
+++ b/q3a/q3a.fc
@@ -1,5 +1,5 @@
-/etank/games/q3a/q3ded                  --      gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a/ioq3ded\.(x86_64|i386) --      gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a/.*/qagamei386.so       --      gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a(/.*)?                          gen_context(system_u:object_r:q3a_ro_t,s0)
-/etank/games/q3a/.q3a(/.*)?                     gen_context(system_u:object_r:q3a_rw_t,s0)
+/var/games/q3a/q3ded                  --      gen_context(system_u:object_r:q3a_exec_t,s0)
+/var/games/q3a/ioq3ded\.(x86_64|i386) --      gen_context(system_u:object_r:q3a_exec_t,s0)
+/var/games/q3a/.*/qagamei386.so       --      gen_context(system_u:object_r:q3a_exec_t,s0)
+/var/games/q3a(/.*)?                          gen_context(system_u:object_r:q3a_ro_t,s0)
+/var/games/q3a/.q3a(/.*)?                     gen_context(system_u:object_r:q3a_rw_t,s0)

diff --git a/q3a/q3a.te b/q3a/q3a.te
index 4872be1..9665023 100644 (file)
--- a/q3a/q3a.te
+++ b/q3a/q3a.te
@@ -1,4 +1,8 @@
-policy_module(q3a, 0.1.25)
+policy_module(q3a, 0.1.26)
+
+require {
+    type games_data_t;
+}
 
 # File context for the executable process
 type q3a_t;
@@ -34,3 +38,5 @@ sysnet_dns_name_resolve(q3a_t)
 dev_read_urand(q3a_t)
 
 allow q3a_t self:process execmem;
+
+list_dirs_pattern(q3a_t, games_data_t, games_data_t)

diff --git a/quake2/quake2.fc b/quake2/quake2.fc
index eb03638..8ffc81d 100644 (file)
--- a/quake2/quake2.fc
+++ b/quake2/quake2.fc
@@ -1,7 +1,7 @@
-/etank/games/quake2/quake2/quake2ded([^/]*)?         --      gen_context(system_u:object_r:quake2_exec_t,s0)
-/etank/games/quake2/quake2/.*/game(x86_64|i386)\.so  --      gen_context(system_u:object_r:quake2_exec_t,s0)
-/etank/games/quake2/quake2(/.*)?                             gen_context(system_u:object_r:quake2_ro_t,s0)
-/etank/games/quake2/quake2/lithium/save(/.*)?                gen_context(system_u:object_r:quake2_rw_t,s0)
-/etank/games/quake2/quake2/lithium/log(/.*)?                 gen_context(system_u:object_r:quake2_rw_t,s0)
-/etank/games/quake2/quake2/lithium/.*log                     gen_context(system_u:object_r:quake2_rw_t,s0)
-#/etank/games/quake2/.quake2(/.*)?                           gen_context(system_u:object_r:quake2_rw_t,s0)
+/var/games/quake2/quake2/quake2ded([^/]*)?         --      gen_context(system_u:object_r:quake2_exec_t,s0)
+/var/games/quake2/quake2/.*/game(x86_64|i386)\.so  --      gen_context(system_u:object_r:quake2_exec_t,s0)
+/var/games/quake2/quake2(/.*)?                             gen_context(system_u:object_r:quake2_ro_t,s0)
+/var/games/quake2/quake2/lithium/save(/.*)?                gen_context(system_u:object_r:quake2_rw_t,s0)
+/var/games/quake2/quake2/lithium/log(/.*)?                 gen_context(system_u:object_r:quake2_rw_t,s0)
+/var/games/quake2/quake2/lithium/.*log                     gen_context(system_u:object_r:quake2_rw_t,s0)
+#/var/games/quake2/.quake2(/.*)?                           gen_context(system_u:object_r:quake2_rw_t,s0)

diff --git a/quake2/quake2.te b/quake2/quake2.te
index 9f16e80..7ceaf03 100644 (file)
--- a/quake2/quake2.te
+++ b/quake2/quake2.te
@@ -1,4 +1,8 @@
-policy_module(quake2, 0.1.11)
+policy_module(quake2, 0.1.12)
+
+require {
+    type games_data_t;
+}
 
 # File context for the executable process
 type quake2_t;
@@ -29,3 +33,5 @@ setattr_files_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
 sysnet_dns_name_resolve(quake2_t)
 
 allow quake2_t self:process execmem;
+
+list_dirs_pattern(quake2_t, games_data_t, games_data_t)

diff --git a/tesseract/tesseract.fc b/tesseract/tesseract.fc
index 0ac201e..22d487c 100644 (file)
--- a/tesseract/tesseract.fc
+++ b/tesseract/tesseract.fc
@@ -1,2 +1,2 @@
-/etank/games/tesseract/tesseract/bin_unix/linux(_64)?_(server|client)  --  gen_context(system_u:object_r:tesseract_exec_t,s0)
-/etank/games/tesseract/tesseract(/.*)?                                     gen_context(system_u:object_r:tesseract_ro_t,s0)
+/var/games/tesseract/tesseract/bin_unix/linux(_64)?_(server|client)  --  gen_context(system_u:object_r:tesseract_exec_t,s0)
+/var/games/tesseract/tesseract(/.*)?                                     gen_context(system_u:object_r:tesseract_ro_t,s0)

diff --git a/tf2/tf2.fc b/tf2/tf2.fc
index 998b811..bf5155f 100644 (file)
--- a/tf2/tf2.fc
+++ b/tf2/tf2.fc
@@ -1,14 +1,14 @@
-/etank/games/tf2/tf2/bin(/.*)?                     --   gen_context(system_u:object_r:tf2_exec_t,s0)
-/etank/games/tf2/tf2/srcds_linux                   --   gen_context(system_u:object_r:tf2_exec_t,s0)
-/etank/games/tf2/tf2/tf/bin/server_srv.so          --   gen_context(system_u:object_r:tf2_exec_t,s0)
-/etank/games/tf2/Steam/linux32/steamclient.so      --   gen_context(system_u:object_r:tf2_exec_t,s0)
-/etank/games/tf2(/.*)?                                  gen_context(system_u:object_r:tf2_ro_t,s0)
-/etank/games/tf2/Steam/update.sh                        gen_context(system_u:object_r:usr_t,s0)
-/etank/games/tf2/tf2/steam_appid.txt                    gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/tf2/tf/downloadlists(/.*)?             gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/Steam/config(/.*)?                     gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/Steam/logs(/.*)?                       gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/tf2/tf/modelsounds.cache               gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/tf2/tf/maps(/.*)?                      gen_context(system_u:object_r:tf2_ro_t,s0)
-/etank/games/tf2/tf2/tf/maps                       -d   gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/tf2/tf/maps/(graphs|workshop)(/.*)?    gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/bin(/.*)?                     --   gen_context(system_u:object_r:tf2_exec_t,s0)
+/var/games/tf2/tf2/srcds_linux                   --   gen_context(system_u:object_r:tf2_exec_t,s0)
+/var/games/tf2/tf2/tf/bin/server_srv.so          --   gen_context(system_u:object_r:tf2_exec_t,s0)
+/var/games/tf2/Steam/linux32/steamclient.so      --   gen_context(system_u:object_r:tf2_exec_t,s0)
+/var/games/tf2(/.*)?                                  gen_context(system_u:object_r:tf2_ro_t,s0)
+/var/games/tf2/Steam/update.sh                        gen_context(system_u:object_r:usr_t,s0)
+/var/games/tf2/tf2/steam_appid.txt                    gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/tf/downloadlists(/.*)?             gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/Steam/config(/.*)?                     gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/Steam/logs(/.*)?                       gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/tf/modelsounds.cache               gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/tf/maps(/.*)?                      gen_context(system_u:object_r:tf2_ro_t,s0)
+/var/games/tf2/tf2/tf/maps                       -d   gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/tf/maps/(graphs|workshop)(/.*)?    gen_context(system_u:object_r:tf2_rw_t,s0)

diff --git a/tf2/tf2.te b/tf2/tf2.te
index 3e6bcdc..024594e 100644 (file)
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,7 +1,8 @@
-policy_module(tf2, 0.1.29)
+policy_module(tf2, 0.1.30)
 
 require {
     type default_t;
+    type games_data_t;
 }
 
 # File context for the executable process
@@ -61,3 +62,5 @@ dontaudit tf2_t default_t:dir read;
 
 allow init_t tf2_t:process { noatsecure };
 allow tf2_t self:process execmem;
+
+list_dirs_pattern(tf2_t, games_data_t, games_data_t)

diff --git a/ut2004/ut2004.fc b/ut2004/ut2004.fc
index f287272..52b9a00 100644 (file)
--- a/ut2004/ut2004.fc
+++ b/ut2004/ut2004.fc
@@ -1,4 +1,4 @@
-/etank/games/ut2004/ut2004/System/(ucc-bin|ucc-bin-linux-amd64) -- gen_context(system_u:object_r:ut2004_exec_t,s0)
-/etank/games/ut2004/ut2004(/.*)?                                   gen_context(system_u:object_r:ut2004_ro_t,s0)
-/etank/games/ut2004/ut2004/System/UCC.log                          gen_context(system_u:object_r:ut2004_rw_t,s0)
-/etank/games/ut2004/ut2004/System/.*\.ini                          gen_context(system_u:object_r:ut2004_rw_t,s0)
+/var/games/ut2004/ut2004/System/(ucc-bin|ucc-bin-linux-amd64) -- gen_context(system_u:object_r:ut2004_exec_t,s0)
+/var/games/ut2004/ut2004(/.*)?                                   gen_context(system_u:object_r:ut2004_ro_t,s0)
+/var/games/ut2004/ut2004/System/UCC.log                          gen_context(system_u:object_r:ut2004_rw_t,s0)
+/var/games/ut2004/ut2004/System/.*\.ini                          gen_context(system_u:object_r:ut2004_rw_t,s0)