diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if index e7b25d789..b277170b2 100644 --- a/refpolicy/policy/modules/system/init.if +++ b/refpolicy/policy/modules/system/init.if @@ -32,6 +32,20 @@ type init_t; class process sigchld; ') +######################################## +# +# init_use_file_descriptors(domain,[`optional']) +# +define(`init_use_file_descriptors',` +requires_block_template(init_use_file_descriptors_depend,$2) +allow $1 init_t:fd use; +') + +define(`init_use_file_descriptors_depend',` +type init_t; +class fd use; +') + ######################################## # # init_script_transition(domain,[`optional']) @@ -50,6 +64,20 @@ class file { getattr read execute }; class process { transition noatsecure siginh rlimitinh }; ') +######################################## +# +# init_script_use_pseudoterminal(domain,[`optional']) +# +define(`init_script_use_pseudoterminal',` +requires_block_template(init_script_use_pseudoterminal_depend,$2) +allow $1 initrc_devpts_t:chr_file { read write }; +') + +define(`init_script_use_pseudoterminal_depend',` +type initrc_devpts_t; +class chr_file { read write }; +') + ######################################## # # init_script_direct_admin_transition(role,domain,[`optional'])