trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too.

Changelog

@@ -1,3 +1,5 @@
+- Revise upstart support in init module to use a tunable, as upstart is now
+  used in Fedora too.
 - Add iferror.m4 rather generate it out of the Makefiles.
 - Definitions for open permisson on file and similar objects from Eric
   Paris.

policy/modules/system/init.te

@@ -1,5 +1,5 @@
 
-policy_module(init,1.9.1)
+policy_module(init,1.9.2)
 
 gen_require(`
 	class passwd rootok;
@@ -10,6 +10,13 @@ gen_require(`
 # Declarations
 #
 
+## <desc>
+## <p>
+## Enable support for upstart as the init program.
+## </p>
+## </desc>
+gen_tunable(init_upstart,false)
+
 # used for direct running of init scripts
 # by admin domains
 attribute direct_run_init;
@@ -49,6 +56,10 @@ type initrc_exec_t;
 domain_type(initrc_t)
 domain_entry_file(initrc_t,initrc_exec_t)
 role system_r types initrc_t;
+# should be part of the true block
+# of the below init_upstart tunable
+# but this has a typeattribute in it
+corecmd_shell_entry_type(initrc_t)
 
 type initrc_devpts_t;
 term_pty(initrc_devpts_t)
@@ -163,7 +174,9 @@ ifdef(`distro_redhat',`
 	fs_tmpfs_filetrans(init_t,initctl_t,fifo_file)
 ')
 
-ifndef(`distro_ubuntu',`
+tunable_policy(`init_upstart',`
+	corecmd_shell_domtrans(init_t,initrc_t)
+',`
 	# Run the shell in the sysadm role for single-user mode.
 	# causes problems with upstart
 	userdom_shell_domtrans_sysadm(init_t)