[refpolicy] [RFC 2/2] refpolicy: add systemd support to tresys main policy.

Guido Trentalancia guido at trentalancia.com
Sun Sep 18 19:41:58 CDT 2011


Hi Justin.

Here is the boolean you were looking for (quoted from your patch):

On Sun, 2011-09-18 at 10:29 -0700, Justin P. Mattock wrote:
> diff --git a/policy/modules/system/init.te
> b/policy/modules/system/init.te
> index 5125d1d..6fcc939 100644
> --- a/policy/modules/system/init.te
> +++ b/policy/modules/system/init.te
> @@ -16,6 +16,13 @@ gen_require(`
>  ## </desc>
>  gen_tunable(init_upstart, false)
>  
> +## <desc>
> +## <p>
> +## Enable support for systemd as the init program.
> +## </p>
> +## </desc>
> +gen_tunable(init_systemd, false) 
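
Review bot: The added gen_tunable(init_systemd, false) line ends with a trailing space, which should be stripped before this is applied. The new description block also says nothing about how init_systemd relates to the init_upstart tunable declared just above it; if the two are not meant to be enabled together, state that in the <desc> text so an administrator toggling booleans can see it.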

But please note it's disabled (false) by default. So you do need to make
sure it is enabled after having installed and loaded the policy. Do not
forget:

setsebool -P init_systemd=on

After this boolean has been enabled, then all policy blocks that begin
with:

+       tunable_policy(`init_systemd',`

will eventually get included in the policy. Those are supposedly all
essential permissions needed to successfully run a system using systemd.

If you managed to create a patch which applies and compiles cleanly,
perhaps most of the job is done and you might only need to fine tune it.

Regards,

Guido
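
A check for the step described above, as an added example that is not part of the original message or of refpolicy: it tells apart a boolean that is on only at runtime from one that was also stored with -P. It assumes the `semanage boolean -l` line layout `name (current , default) description`; the function name `bool_state` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies an SELinux boolean from `semanage boolean -l`
# style lines read on stdin (assumed layout: name (current , default) text).
# Return codes:
#   0 = on now and stored persistently (what `setsebool -P` produces)
#   1 = on now only, reverts when the policy is reloaded or at reboot
#   2 = off now
#   3 = boolean not present (policy with the tunable not loaded)
bool_state() {
    awk -v want="$1" '
        $1 == want {
            line = $0
            sub(/^[^(]*\(/, "", line)   # drop everything up to the first "("
            sub(/\).*$/, "", line)      # drop ")" and the description
            gsub(/[ \t]/, "", line)     # leaves e.g. "on,off"
            split(line, st, ",")
            found = 1
            if (st[1] != "on")      rc = 2
            else if (st[2] != "on") rc = 1
            else                    rc = 0
            exit
        }
        END { if (!found) rc = 3; exit rc }
    '
}

# Constructed sample input, not captured from a real system.
SAMPLE='SELinux boolean                State  Default Description

init_upstart                   (off  ,  off)  Enable support for upstart as the init program.
init_systemd                   (on   ,  off)  Enable support for systemd as the init program.'

rc=0
printf '%s\n' "$SAMPLE" | bool_state init_systemd || rc=$?
echo "init_systemd state code: $rc"
```

On a live system the same function can be fed with `semanage boolean -l | bool_state init_systemd`.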


