[refpolicy] RFC: direct_init_entry breaks direct_initrc
Christopher J. PeBenito
cpebenito at tresys.com
Wed Jan 15 08:51:33 EST 2014
On 01/14/14 17:23, Dominick Grift wrote:
> On Tue, 2014-01-14 at 15:44 -0500, Christopher J. PeBenito wrote:
>> I think you may be able to drop the direct_run_init attribute and put the domtrans you added in the init_run_daemon() interface instead.
> Right, i also got rid of direct_init because was a lose end as well
> It builds but still not actually tested
On further looking it looks like we shouldn't completely remove the direct_sysadm_daemon block out of init_daemon_domain; the userdom_dontaudit_use_user_terminals($1) should probably remain. I'd also prefer to separate the unconfined portion out to a separate patch. Otherwise it looks good.
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy