From 1cff95d377736a13143e6468fbc8c5761e59c942 Mon Sep 17 00:00:00 2001
From: Craig Comstock
Date: Mon, 5 May 2025 10:14:10 -0500
Subject: [PATCH] Modified several common bundles to be agent bundles to limit access in SELinux policy

This should simplify selinux policy where we want the agent to have broad access but other components like serverd, execd, hub to have more limited access.

The paths bundle checks for the existence of many commands and this operation can cause SELinux AVCs.

The inventory bundle uses the curl command to see if the host is an AWS instance and if so collects some inventory from a well known API/IP.

The cfe_internal_hub_vars needs to determine if php-fpm executable is present.

As far as I can tell there isn't a need for the vars/classes defined in paths and inventory in components other than agent so this change should be OK.

Ticket: ENT-12954
Changelog: title more common to agent fixes
---
 cfe_internal/enterprise/CFE_hub_specific.cf | 4 ++--
 inventory/any.cf | 4 ++--
 lib/paths.cf | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cfe_internal/enterprise/CFE_hub_specific.cf b/cfe_internal/enterprise/CFE_hub_specific.cf
index d0e31c67b9..608a059adb 100644
--- a/cfe_internal/enterprise/CFE_hub_specific.cf
+++ b/cfe_internal/enterprise/CFE_hub_specific.cf
@@ -15,7 +15,7 @@
 ##################################################################
 
 @if minimum_version(3.12.0)
-bundle common cfe_hub_specific_file_control
+bundle agent cfe_hub_specific_file_control
 {
   vars:
       "inputs" slist => { "$(this.promise_dirname)/federation/federation.cf" };
@@ -27,7 +27,7 @@ body file control
 }
 @endif
 
-bundle common cfe_internal_hub_vars
+bundle agent cfe_internal_hub_vars
 # @brief Set hub specific variables
 {
   classes:
diff --git a/inventory/any.cf b/inventory/any.cf
index 8d20ead7b3..aed9e7e776 100644
--- a/inventory/any.cf
+++ b/inventory/any.cf
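Review bot: The only purpose of `cfe_hub_specific_file_control` is to feed `@(cfe_hub_specific_file_control.inputs)` into the `body file control` that follows this hunk (outside it), and that variable is consumed while inputs are processed, before any bundlesequence runs; as far as I can tell an `agent` bundle's vars are not resolved at that point in cf-serverd, cf-execd or cf-hub, so federation.cf would quietly stop being loaded by those components. The commit message motivates the switch for paths, inventory and cfe_internal_hub_vars but says nothing about this bundle, so please confirm that federation.cf carries no promises those components need, or keep this one `bundle common`. If it is intended, a comment above the bundle would save the next reader the same question, e.g. `# Agent-only on purpose: other components do not resolve these vars, so federation.cf is loaded by cf-agent only (ENT-12954).`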
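Review bot: Classes defined in an `agent` bundle are bundle-scoped by default, whereas in a `common` bundle they are namespace-wide, so the `classes:` section this hunk ends on changes meaning unless every class promise in it already carries `scope => "namespace"`; the body of cfe_internal_hub_vars continues outside the hunk, so I cannot see whether it does. Any consumer of those classes in another bundle (the php-fpm detection the commit message mentions is the obvious candidate) would silently see the class as undefined. The same applies to the class promises in `inventory_any`, `cfe_autorun_inventory_aws` and `paths` in the inventory/any.cf and lib/paths.cf hunks, where lib/paths.cf's own @brief advertises "classes for defined and existing paths" that the rest of the policy set consumes. Please either add `scope => "namespace"` where a class is used outside its bundle, or state in each bundle's header comment that its classes are now bundle-local.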
@@ -1,4 +1,4 @@
-bundle common inventory_any
+bundle agent inventory_any
 # @brief Do inventory for any OS
 #
 # This common bundle is for any OS work not handled by specific
@@ -593,7 +593,7 @@ bundle agent cfe_autorun_inventory_cpuinfo
       "$(const.t) CPU physical cores: $(cpuinfo_physical_cores)";
 }
 
-bundle common cfe_autorun_inventory_aws
+bundle agent cfe_autorun_inventory_aws
 # @brief inventory AWS EC2 instances
 #
 # Provides:
diff --git a/lib/paths.cf b/lib/paths.cf
index 67755f79fa..4183b95a57 100644
--- a/lib/paths.cf
+++ b/lib/paths.cf
@@ -1,6 +1,6 @@
 # Paths bundle (used by other bodies)
 
-bundle common paths
+bundle agent paths
 # @brief Defines an array `path` with common paths to standard binaries and
 # directories as well as classes for defined and existing paths.
 #
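Review bot: The doc comment two lines below the changed header still reads "This common bundle is for any OS work", which is now wrong and will mislead anyone who later wonders why the bundle's vars are unavailable in cf-serverd or cf-hub. Change it to `# This agent bundle is for any OS work not handled by specific` and, ideally, add one line noting the consequence: `# (agent-only since ENT-12954: its vars and classes are not resolved by other components)`. The same stale wording check is worth doing for the cfe_autorun_inventory_aws and paths headers changed in this commit.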
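Review bot: `paths` is consumed as `$(paths.…)` from bundles and bodies throughout the policy set — the header `# Paths bundle (used by other bodies)` says as much — and with `bundle agent` those references resolve only in cf-agent and, within cf-agent, only after the common-bundle pre-evaluation pass, so any remaining `bundle common`, `bundle server`, `bundle monitor` or `body` definition that still reads `$(paths.…)` may now get an unexpanded variable where it previously got a path. The commit message asserts that no other component needs these vars; an explicit audit of the non-agent consumers (every `paths.` reference outside `bundle agent` definitions) would back that assertion up and belongs in the PR description. The first-line comment should also document the new constraint, e.g. `# Paths bundle (used by other bodies; agent-only since ENT-12954, not available to cf-serverd, cf-execd, cf-monitord or cf-hub)`. The bundle body, including the class promises the @brief mentions, continues outside the hunk.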