From 64c5b9975bfd61c8175e4aa42f0cd70d138fab57 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Thu, 18 Sep 2008 13:47:43 +0000 Subject: [PATCH] trunk: add interface to transition to initrc_t on labeled init scripts. --- policy/modules/system/init.if | 25 +++++++++++++++++++++++++ policy/modules/system/init.te | 2 +- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index e6e831c7..a7db5fe6 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -693,6 +693,31 @@ interface(`init_script_file_domtrans',` domain_auto_trans($1,initrc_exec_t,$2) ') +######################################## +## +## Transition to the init script domain +## on a specified labeled init script. +## +## +## +## Domain allowed access. +## +## +## +## +## Labeled init script file. +## +## +# +interface(`init_labeled_script_domtrans',` + gen_require(` + type initrc_t; + ') + + domtrans_pattern($1, $2, initrc_t) + files_search_etc($1) +') + ######################################## ## ## Start and stop daemon programs directly. diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 751a0f7e..3e03dac8 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -1,5 +1,5 @@ -policy_module(init, 1.11.3) +policy_module(init, 1.11.4) gen_require(` class passwd rootok;