PREIN
/bin/sh
if [ -s /etc/selinux/config ]; then
. /etc/selinux/config;
FILE_CONTEXT=/etc/selinux/strict/contexts/files/file_contexts;
if [ "${SELINUXTYPE}" == strict -a -f ${FILE_CONTEXT} ]; then
cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre;
fi
fi
POSTIN
/bin/sh
( cd /usr/share/selinux/strict;
semodule -b base.pp -i prelink.pp -i acct.pp -i usermanage.pp -i rpm.pp -i readahead.pp -i kudzu.pp -i updfstab.pp -i alsa.pp -i vpn.pp -i vhostmd.pp -i virt.pp -i qemu.pp -i su.pp -i dmesg.pp -i anaconda.pp -i amanda.pp -i logrotate.pp -i ddcprobe.pp -i quota.pp -i consoletype.pp -i sudo.pp -i vbetool.pp -i usbmodules.pp -i firstboot.pp -i certwatch.pp -i tmpreaper.pp -i mrtg.pp -i dmidecode.pp -i logwatch.pp -i evolution.pp -i mozilla.pp -i irc.pp -i lockdev.pp -i usernetctl.pp -i gpg.pp -i thunderbird.pp -i wine.pp -i loadkeys.pp -i screen.pp -i calamaris.pp -i tvtime.pp -i java.pp -i uml.pp -i cdrecord.pp -i mplayer.pp -i webalizer.pp -i ethereal.pp -i userhelper.pp -i games.pp -i mono.pp -i slocate.pp -i xen.pp -i hostname.pp -i daemontools.pp -i getty.pp -i pcmcia.pp -i raid.pp -i iptables.pp -i unconfined.pp -i ipsec.pp -i nis.pp -i distcc.pp -i tor.pp -i rshd.pp -i cpucontrol.pp -i bind.pp -i cipe.pp -i canna.pp -i i18n_input.pp -i uucp.pp -i sasl.pp -i pegasus.pp -i cron.pp -i sendmail.pp -i samba.pp -i dbus.pp -i howl.pp -i timidity.pp -i postgresql.pp -i openct.pp -i snmp.pp -i ucspitcp.pp -i publicfile.pp -i roundup.pp -i remotelogin.pp -i telnet.pp -i irqbalance.pp -i mailman.pp -i dbskk.pp -i ldap.pp -i tftp.pp -i portmap.pp -i arpwatch.pp -i dovecot.pp -i amavis.pp -i cups.pp -i networkmanager.pp -i inn.pp -i sysstat.pp -i comsat.pp -i squid.pp -i zebra.pp -i xfs.pp -i ktalk.pp -i procmail.pp -i lpd.pp -i cyrus.pp -i rdisc.pp -i nscd.pp -i ppp.pp -i smartmon.pp -i ftp.pp -i gpm.pp -i audioentropy.pp -i rhcs.pp -i aisexec.pp -i piranha.pp -i rgmanager.pp -i rhgb.pp -i postfix.pp -i exim.pp -i fetchmail.pp -i ntp.pp -i bluetooth.pp -i hal.pp -i avahi.pp -i rpc.pp -i xserver.pp -i apache.pp -i slrnpull.pp -i clamav.pp -i rsync.pp -i djbdns.pp -i automount.pp -i kerberos.pp -i dhcp.pp -i ssh.pp -i inetd.pp -i mysql.pp -i dictd.pp -i finger.pp -i radius.pp -i spamassassin.pp -i radvd.pp -i apm.pp -i tcpd.pp -i stunnel.pp -i privoxy.pp -i cvs.pp -i rlogin.pp -i nagios.pp -i pcscd.pp -i amtu.pp -i oddjob.pp -i ccs.pp -i ricci.pp -i zosremote.pp -i brctl.pp -i clogd.pp -i dnsmasq.pp -i iscsi.pp -i milter.pp -i dcc.pp -i postgrey.pp -i razor.pp -i prelude.pp -i pyzor.pp -i sssd.pp -s strict;
);
rm -f /etc/selinux/strict/policy/policy.*.rpmnew
. /etc/selinux/config;
FILE_CONTEXT=/etc/selinux/strict/contexts/files/file_contexts;
selinuxenabled;
if [ $? == 0 -a "${SELINUXTYPE}" == strict -a -f ${FILE_CONTEXT}.pre ]; then
fixfiles -C ${FILE_CONTEXT}.pre restore;
restorecon -R /var/log /var/run;
rm -f ${FILE_CONTEXT}.pre;
fi;
Triggers
selinux-policy-strict <=
2.2.35-2
/bin/sh
cd /usr/share/selinux/strict
x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`
semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict
strict <=
2.0.7
/bin/sh
( cd /usr/share/selinux/strict;
semodule -b base.pp -i prelink.pp -i acct.pp -i usermanage.pp -i rpm.pp -i readahead.pp -i kudzu.pp -i updfstab.pp -i alsa.pp -i vpn.pp -i vhostmd.pp -i virt.pp -i qemu.pp -i su.pp -i dmesg.pp -i anaconda.pp -i amanda.pp -i logrotate.pp -i ddcprobe.pp -i quota.pp -i consoletype.pp -i sudo.pp -i vbetool.pp -i usbmodules.pp -i firstboot.pp -i certwatch.pp -i tmpreaper.pp -i mrtg.pp -i dmidecode.pp -i logwatch.pp -i evolution.pp -i mozilla.pp -i irc.pp -i lockdev.pp -i usernetctl.pp -i gpg.pp -i thunderbird.pp -i wine.pp -i loadkeys.pp -i screen.pp -i calamaris.pp -i tvtime.pp -i java.pp -i uml.pp -i cdrecord.pp -i mplayer.pp -i webalizer.pp -i ethereal.pp -i userhelper.pp -i games.pp -i mono.pp -i slocate.pp -i xen.pp -i hostname.pp -i daemontools.pp -i getty.pp -i pcmcia.pp -i raid.pp -i iptables.pp -i unconfined.pp -i ipsec.pp -i nis.pp -i distcc.pp -i tor.pp -i rshd.pp -i cpucontrol.pp -i bind.pp -i cipe.pp -i canna.pp -i i18n_input.pp -i uucp.pp -i sasl.pp -i pegasus.pp -i cron.pp -i sendmail.pp -i samba.pp -i dbus.pp -i howl.pp -i timidity.pp -i postgresql.pp -i openct.pp -i snmp.pp -i ucspitcp.pp -i publicfile.pp -i roundup.pp -i remotelogin.pp -i telnet.pp -i irqbalance.pp -i mailman.pp -i dbskk.pp -i ldap.pp -i tftp.pp -i portmap.pp -i arpwatch.pp -i dovecot.pp -i amavis.pp -i cups.pp -i networkmanager.pp -i inn.pp -i sysstat.pp -i comsat.pp -i squid.pp -i zebra.pp -i xfs.pp -i ktalk.pp -i procmail.pp -i lpd.pp -i cyrus.pp -i rdisc.pp -i nscd.pp -i ppp.pp -i smartmon.pp -i ftp.pp -i gpm.pp -i audioentropy.pp -i rhcs.pp -i aisexec.pp -i piranha.pp -i rgmanager.pp -i rhgb.pp -i postfix.pp -i exim.pp -i fetchmail.pp -i ntp.pp -i bluetooth.pp -i hal.pp -i avahi.pp -i rpc.pp -i xserver.pp -i apache.pp -i slrnpull.pp -i clamav.pp -i rsync.pp -i djbdns.pp -i automount.pp -i kerberos.pp -i dhcp.pp -i ssh.pp -i inetd.pp -i mysql.pp -i dictd.pp -i finger.pp -i radius.pp -i spamassassin.pp -i radvd.pp -i apm.pp -i tcpd.pp -i stunnel.pp -i privoxy.pp -i cvs.pp -i rlogin.pp -i nagios.pp -i pcscd.pp -i amtu.pp -i oddjob.pp -i ccs.pp -i ricci.pp -i zosremote.pp -i brctl.pp -i clogd.pp -i dnsmasq.pp -i iscsi.pp -i milter.pp -i dcc.pp -i postgrey.pp -i razor.pp -i prelude.pp -i pyzor.pp -i sssd.pp -s strict;
);
rm -f /etc/selinux/strict/policy/policy.*.rpmnew