[refpolicy] systemd policy
dominick.grift at gmail.com
Mon Jan 13 15:22:12 EST 2014
On Mon, 2014-01-13 at 15:16 -0500, Daniel J Walsh wrote:
> Well I would not say we don't care about other init systems, since we still
> need to support systemV init scripts. I removed init_run_daemon(unconfined_t)
> because it was causing us problems with "Daemons" attempting to run as
> unconfined_u:system_r:unconfined_t:s0. We are attempting to tighten security
> on confined domains being able to transition to unconfined domains.
I suspect you removed it to get rid of the role transition on init
daemon entry files, and I believe my solution deals with that without
the need to remove that interface call.

I briefly tested the above patch and it seems to "work".