From 39255175ca1cd45d7547de1ac0fc0896d0e006b4 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mon, 23 May 2005 17:01:51 +0000
Subject: [PATCH] move in stuff from rpm
---
 refpolicy/policy/modules/system/init.te | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index bfc3a608..4ea8f37c 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -359,4 +359,20 @@ dontaudit initrc_t mail_spool_t:lnk_file read;
 # for lsof which is used by alsa shutdown
 dontaudit initrc_t domain:{ udp_socket tcp_socket fifo_file unix_dgram_socket } getattr;
+
+optional_policy(`rpm.te',`
+# Access /var/lib/rpm.
+allow initrc_t rpm_var_lib_t:dir rw_dir_perms;
+allow initrc_t rpm_var_lib_t:file create_file_perms;
+
+# for a bug in rm
+dontaudit initrc_t pidfile:file write;
+
+# bash tries to access a block device in the initrd
+dontaudit initrc_t unlabeled_t:blk_file getattr;
+
+# bash tries ioctl for some reason
+dontaudit initrc_t pidfile:file ioctl;
+') dnl end rpm.te
+
 ') dnl end TODO
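Review bot: The two `allow` rules at the top of the new rpm.te optional block give `initrc_t` `rw_dir_perms` on `rpm_var_lib_t` directories and `create_file_perms` on its files, and the only justification is `# Access /var/lib/rpm.`. Anything that keeps running in `initrc_t` can then create and rewrite package database files, so the comment should name the script and operation that need this, and the file permissions should be cut down if that operation is narrower than create (removing stale database files at boot would be one such case, which is a guess from here). The three `dontaudit` rules are explained by `rm` and `bash` behaviour rather than by rpm, so inside this conditional they take effect only when rpm.te is built; if they are not rpm-specific they belong outside it. `dontaudit initrc_t pidfile:file write;` also hides every write denial from `initrc_t` on `pidfile` files from the audit log, so a comment naming the pid file that triggers it would help anyone triaging denials later. The enclosing TODO block opens outside this hunk.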