Tree-wide: various fixes and clean-ups

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>

1 files changed, 20 insertions, 2 deletions

diff --git a/src/misc.cil b/src/misc.cil
index e9f423c..9e8e796 100644
--- a/src/misc.cil
+++ b/src/misc.cil
@@ -28,23 +28,40 @@
 
 (in cert
 
+    (filecon "/etc/ca-certificates" dir file_context)
+    (filecon "/etc/ca-certificates/.*" any file_context)
+
+    (filecon "/etc/ca-certificates\.conf" file file_context)
+    (filecon "/etc/ca-certificates\.conf\..*" file file_context)
+
     (filecon "/etc/pki" dir file_context)
     (filecon "/etc/pki/.*" any file_context)
 
     (filecon "/etc/ssl" dir file_context)
     (filecon "/etc/ssl/.*" any file_context)
 
+    (filecon "/usr/share/ca-certificates" dir file_context)
+    (filecon "/usr/share/ca-certificates/.*" any file_context)
+
     (filecon "/usr/share/pki" dir file_context)
     (filecon "/usr/share/pki/.*" any file_context)
 
     (macro conf_file_type_transition_file ((type ARG1))
 	   (call .conf.file_type_transition
+		 (ARG1 file dir "ca-certificates"))
+	   (call .conf.file_type_transition
 		 (ARG1 file dir "pki"))
 	   (call .conf.file_type_transition
-		 (ARG1 file dir "ssl")))
+		 (ARG1 file dir "ssl"))
+	   (call .conf.file_type_transition
+		 (ARG1 file file "ca-certificates.conf"))
+	   (call .conf.file_type_transition
+		 (ARG1 file file "ca-certificates.conf.dpkg-new")))
 
     (macro data_file_type_transition_file ((type ARG1))
 	   (call .data.file_type_transition
+		 (ARG1 file dir "ca-certificates"))
+	   (call .data.file_type_transition
 		 (ARG1 file dir "pki"))))
 
 (in cgroup
@@ -415,6 +432,7 @@
 (in media
 
     (filecon "/media" dir file_context)
+    (filecon "/media/cdrom" symlink file_context)
     (filecon "/media/.*" any ())
 
     (filecon "/mnt" dir file_context)
@@ -694,4 +712,4 @@
 (typealias rpm_script_t)
 (typealiasactual rpm_script_t sys.subj)
 
-(tunable xserver_object_manager false)
+(boolean xserver_object_manager false)