[refpolicy] [PATCHv2 3/8] Gentoo integrated run_init support re-executes rc

Sven Vermeulen sven.vermeulen at siphos.be
Sat Sep 3 09:20:41 CDT 2011


When an init script is launched, Gentoo's integrated run_init support
will re-execute /sbin/rc (an all-in-one binary) for various functions.
The run_init_t domain here should not be allowed to transition yet, so
we allow it to execute /sbin/rc without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/system/selinuxutil.te |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 508b206..2981122 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -406,6 +406,8 @@ ifndef(`direct_sysadm_daemon',`
 	ifdef(`distro_gentoo',`
 		# Gentoo integrated run_init:
 		init_script_file_entry_type(run_init_t)
+
+		init_rc_exec(run_init_t)
 	')
 ')
 
-- 
1.7.3.4



More information about the refpolicy mailing list