move in stuff from rpm

2005-05-23 17:01:51 +00:00 · 2005-05-23 17:01:51 +00:00 · 39255175ca
commit 39255175ca
parent 15a9613ca4
1 changed files with 16 additions and 0 deletions
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@ -359,4 +359,20 @@ dontaudit initrc_t mail_spool_t:lnk_file read;

 # for lsof which is used by alsa shutdown
 dontaudit initrc_t domain:{ udp_socket tcp_socket fifo_file unix_dgram_socket } getattr;
+
+optional_policy(`rpm.te',`
+# Access /var/lib/rpm.
+allow initrc_t rpm_var_lib_t:dir rw_dir_perms;
+allow initrc_t rpm_var_lib_t:file create_file_perms;
+
+# for a bug in rm
+dontaudit initrc_t pidfile:file write;
+
+# bash tries to access a block device in the initrd
+dontaudit initrc_t unlabeled_t:blk_file getattr;
+
+# bash tries ioctl for some reason
+dontaudit initrc_t pidfile:file ioctl;
+') dnl end rpm.te
+
 ') dnl end TODO