[refpolicy] [RFC 2/2] refpolicy: add systemd support to tresys main policy.
guido at trentalancia.com
Sun Sep 18 19:41:58 CDT 2011
Here is the boolean you were looking for (quoted from your patch):
On Sun, 2011-09-18 at 10:29 -0700, Justin P. Mattock wrote:
> diff --git a/policy/modules/system/init.te
> index 5125d1d..6fcc939 100644
> --- a/policy/modules/system/init.te
> +++ b/policy/modules/system/init.te
> @@ -16,6 +16,13 @@ gen_require(`
> ## </desc>
> gen_tunable(init_upstart, false)
> +## <desc>
> +## <p>
> +## Enable support for systemd as the init program.
> +## </p>
> +## </desc>
> +gen_tunable(init_systemd, false)
But please note it's disabled (false) by default. So you do need to make
sure it is enabled after having installed and loaded the policy, do not
setsebool -P init_systemd=on
After such boolean has been enabled, then all policy blocks that begin
will eventually get included in the policy. Those are supposedly all
essential permissions needed to successfully run a system using systemd.
If you managed to create a patch which applies and compiles cleanly,
perhaps most of the job is done and you might only need to fine tune it.
More information about the refpolicy