rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

trunk: update init_telinit() for upstart's datagram socket usage instead of pipe useage.

Browse Source
This commit is contained in:
Chris PeBenito 2008-07-15 15:33:51 +00:00
parent e64c38c7a4
commit 4459a7c086
3 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Changelog
View File

@ -1,3 +1,6 @@
- Issuing commands to upstart is over a datagram socket, not the initctl
named pipe. Updated init_telinit() to match.
* Wed Jul 02 2008 Chris PeBenito <selinux@tresys.com> - 20080702 * Wed Jul 02 2008 Chris PeBenito <selinux@tresys.com> - 20080702
- Fix httpd_enable_homedirs to actually provide the access it is supposed to - Fix httpd_enable_homedirs to actually provide the access it is supposed to
provide. provide.

10
policy/modules/system/init.if
View File

@ -469,6 +469,16 @@ interface(`init_telinit',`
allow $1 initctl_t:fifo_file rw_fifo_file_perms; allow $1 initctl_t:fifo_file rw_fifo_file_perms;
init_exec($1) init_exec($1)
tunable_policy(`init_upstart',`
gen_require(`
type init_t;
')
# upstart uses a datagram socket instead of initctl pipe
allow $1 self:unix_dgram_socket create_socket_perms;
allow $1 init_t:unix_dgram_socket sendto;
')
') ')
######################################## ########################################

2
policy/modules/system/init.te
View File

@ -1,5 +1,5 @@
policy_module(init, 1.11.0) policy_module(init, 1.11.1)
gen_require(` gen_require(`
class passwd rootok; class passwd rootok;