[refpolicy] RFC: direct_init_entry breaks direct_initrc

Daniel J Walsh dwalsh at redhat.com
Tue Jan 14 09:48:23 EST 2014


On 01/14/2014 09:10 AM, Christopher J. PeBenito wrote:
> On Tue Jan 14 09:02:08 2014, Dominick Grift wrote:
>> On Tue, 2014-01-14 at 08:56 -0500, Christopher J. PeBenito wrote:
>>> On 12/10/13 10:57, Dominick Grift wrote:
>>>> I have not tested this yet and it is a theory.
>>>> I was not there when that type attribute was implemented so I do not
>>>> know the rationale behind the decision to implement it.
>>>> Would be nice if anyone could shed some light on that and would be
>>>> even better if this fix is acknowledged.
>>> It seems like it would probably work, but definitely needs to be
>>> tested.
>> I have tested it. Role transitions should happen on the init script and
>> now on the daemon entry file. This is a bug in the init_run_daemon
>> interface and it breaks a lot of stuff.
>> Also the init_run_daemon(unconfined_t, unconfined_r) should be made
>> tunable (direct_sysadm_daemon).
> Would you send patches for these?  The first patch I only see as inlined
> comments in the body of the first message.
> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com

Well, Fedora still does the transition since we have an interface:


+       gen_require(`
+               attribute init_script_file_type;
+       ')
+       role_transition $1 init_script_file_type system_r;
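Review bot: in the `role_transition $1 init_script_file_type system_r;` line, `$1` is used as the source role, but the fragment shows neither the enclosing interface nor any parameter documentation, so a caller cannot tell from these lines that a role (not a domain) is expected. Include the interface header and a `<param>` description with the patch. The interface summary should also state that the rule keys on the `init_script_file_type` attribute, so every type carrying that attribute becomes a transition point to `system_r` for the calling role; that scope is the security-relevant part of the change.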

But I am fine with Dominick's change.