From 4459a7c086b86b268713627da8e8b4e4976703b0 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 15 Jul 2008 15:33:51 +0000
Subject: [PATCH] trunk: update init_telinit() for upstart's datagram socket usage instead of pipe useage.
---
 Changelog | 3 +++
 policy/modules/system/init.if | 10 ++++++++++
 policy/modules/system/init.te | 2 +-
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/Changelog b/Changelog
index b2b0f4bb4..e03ca426a 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,6 @@
+- Issuing commands to upstart is over a datagram socket, not the initctl
+ named pipe. Updated init_telinit() to match.
+
 * Wed Jul 02 2008 Chris PeBenito - 20080702
 - Fix httpd_enable_homedirs to actually provide the access it is supposed to provide.
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index acda111eb..cb8974e28 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -469,6 +469,16 @@ interface(`init_telinit',`
 allow $1 initctl_t:fifo_file rw_fifo_file_perms;
 init_exec($1)
+
+ tunable_policy(`init_upstart',`
+ gen_require(`
+ type init_t;
+ ')
+
+ # upstart uses a datagram socket instead of initctl pipe
+ allow $1 self:unix_dgram_socket create_socket_perms;
+ allow $1 init_t:unix_dgram_socket sendto;
+ ')
 ')
 ########################################
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 81a679dea..0e457ddf0 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
-policy_module(init, 1.11.0)
+policy_module(init, 1.11.1)
 gen_require(`
 class passwd rootok;
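Review bot: In the init.if hunk the context rule `allow $1 initctl_t:fifo_file rw_fifo_file_perms;` stays unconditional, so with init_upstart enabled every caller of init_telinit() keeps read/write access to the initctl pipe in addition to the new datagram-socket permissions. The Changelog entry says upstart does not take commands over that pipe, so least privilege would put the fifo_file rule in the else (third) argument of the new tunable_policy block, leaving each init flavour with only the channel it uses. The interface starts before this hunk, so whether anything else still needs the pipe under upstart cannot be confirmed from here. The comment inside the block could also note the grant's scope, for example `# lets the caller send datagrams to init_t; init must check who sent them`.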