PREIN
/bin/sh
if [ -s /etc/selinux/config ]; then
. /etc/selinux/config;
FILE_CONTEXT=/etc/selinux/targeted/contexts/files/file_contexts;
if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then
cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre;
fi
fi
POSTIN
/bin/sh
semodule -s targeted -r moilscanner 2>/dev/null
( cd /usr/share/selinux/targeted;
semodule -b base.pp -i awstats.pp -i amavis.pp -i audioentropy.pp -i ccs.pp -i calamaris.pp -i cdrecord.pp -i certwatch.pp -i cipe.pp -i clamav.pp -i consolekit.pp -i daemontools.pp -i dcc.pp -i ethereal.pp -i fail2ban.pp -i games.pp -i gnome.pp -i hal.pp -i polkit.pp -i ipsec.pp -i irc.pp -i iscsi.pp -i lockdev.pp -i mailscanner.pp -i mozilla.pp -i mplayer.pp -i mrtg.pp -i nagios.pp -i nx.pp -i oddjob.pp -i pcscd.pp -i openct.pp -i publicfile.pp -i pyzor.pp -i razor.pp -i ricci.pp -i roundup.pp -i rwho.pp -i screen.pp -i slocate.pp -i smartmon.pp -i unconfined.pp -i userhelper.pp -i tor.pp -i tvtime.pp -i uml.pp -i usbmodules.pp -i usernetctl.pp -i tmpreaper.pp -i amtu.pp -i zabbix.pp -i apcupsd.pp -i w3c.pp -i rpcbind.pp -i vmware.pp -i guest.pp -i xguest.pp -i logadm.pp -i webadm.pp -i exim.pp -i kismet.pp -i munin.pp -i bitlbee.pp -i soundserver.pp -s targeted;
);
rm -f /etc/selinux/targeted/policy/policy.*.rpmnew;
if [ $1 = 1 ]; then
semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 __default__ 2> /dev/null
semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 root 2> /dev/null
semanage user -a -P guest -R guest_r guest_u
semanage user -a -P xguest -R xguest_r xguest_u
restorecon -R /root /var/log /var/run 2> /dev/null
else
. /etc/selinux/config;
FILE_CONTEXT=/etc/selinux/targeted/contexts/files/file_contexts;
selinuxenabled;
if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.pre ]; then
fixfiles -C ${FILE_CONTEXT}.pre restore;
restorecon -R /var/log /var/run 2> /dev/null;
rm -f ${FILE_CONTEXT}.pre;
fi;fi
exit 0
Triggers
selinux-policy-targeted <
3.2.4-3.fc9
/bin/sh
setsebool -P use_nfs_home_dirs=1
semanage user -l | grep -s unconfined_u
if [ $? == 0 ]; then
semanage user -m -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
else
semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
fi
seuser=`semanage login -l | grep __default__ | awk '{ print $2 }'`
[ $seuser == "system_u" ] && semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 __default__
seuser=`semanage login -l | grep root | awk '{ print $2 }'`
[ $seuser == "system_u" ] && semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 root
restorecon -R /root /etc/selinux/targeted 2> /dev/null
exit 0