change transition from run_init to initrc to spec.
parent
f76d07072a
commit
93ddc66983
|
@ -579,7 +579,38 @@ interface(`init_script_file_entry_type',`
|
|||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute init scripts with a domain transition.
|
||||
## Execute init scripts with a specified domain transition.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`init_spec_domtrans_script',`
|
||||
gen_require(`
|
||||
type initrc_t, initrc_exec_t;
|
||||
')
|
||||
|
||||
files_list_etc($1)
|
||||
domain_trans($1,initrc_exec_t,initrc_t)
|
||||
allow $1 self:process setexec;
|
||||
allow initrc_t $1:fd use;
|
||||
allow initrc_t $1:fifo_file rw_file_perms;
|
||||
allow initrc_t $1:process sigchld;
|
||||
|
||||
ifdef(`enable_mcs',`
|
||||
range_transition $1 initrc_exec_t:process s0;
|
||||
')
|
||||
|
||||
ifdef(`enable_mls',`
|
||||
range_transition $1 initrc_exec_t:process s0 - mls_systemhigh;
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute init scripts with an automatic domain transition.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
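Review bot: The new `init_spec_domtrans_script` interface grants every caller `self:process setexec`, but its header comment says only "specified domain transition" and never mentions that permission. `setexec` lets the calling domain choose the context of its next exec, so anyone auditing which domains hold it should be able to see that in the interface documentation. The body uses `domain_trans` and shows no `type_transition`, so the caller presumably has to set the exec context itself; I would add a description line such as `## No default type transition is defined: the caller must set the exec context itself and is granted setexec.` It is also worth noting that the `range_transition` rules appear to rely on the caller holding range-transition privilege, since run_init_t gets `mls_rangetrans_source` separately. The comment block of the following interface continues past the end of this hunk.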
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(init,1.3.28)
|
||||
policy_module(init,1.3.29)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(selinuxutil,1.2.16)
|
||||
policy_module(selinuxutil,1.2.17)
|
||||
|
||||
ifdef(`strict_policy',`
|
||||
gen_require(`
|
||||
|
@ -480,23 +480,6 @@ optional_policy(`
|
|||
# Run_init local policy
|
||||
#
|
||||
|
||||
selinux_get_fs_mount(run_init_t)
|
||||
selinux_validate_context(run_init_t)
|
||||
selinux_compute_access_vector(run_init_t)
|
||||
selinux_compute_create_context(run_init_t)
|
||||
selinux_compute_relabel_context(run_init_t)
|
||||
selinux_compute_user_contexts(run_init_t)
|
||||
|
||||
mls_rangetrans_source(run_init_t)
|
||||
|
||||
ifdef(`direct_sysadm_daemon',`',`
|
||||
ifdef(`distro_gentoo',`
|
||||
# Gentoo integrated run_init:
|
||||
init_script_file_entry_type(run_init_t)
|
||||
')
|
||||
')
|
||||
|
||||
ifdef(`targeted_policy',`',`
|
||||
allow run_init_t self:process setexec;
|
||||
allow run_init_t self:capability setuid;
|
||||
allow run_init_t self:fifo_file rw_file_perms;
|
||||
|
@ -524,7 +507,16 @@ ifdef(`targeted_policy',`',`
|
|||
files_read_etc_files(run_init_t)
|
||||
files_dontaudit_search_all_dirs(run_init_t)
|
||||
|
||||
init_domtrans_script(run_init_t)
|
||||
selinux_get_fs_mount(run_init_t)
|
||||
selinux_validate_context(run_init_t)
|
||||
selinux_compute_access_vector(run_init_t)
|
||||
selinux_compute_create_context(run_init_t)
|
||||
selinux_compute_relabel_context(run_init_t)
|
||||
selinux_compute_user_contexts(run_init_t)
|
||||
|
||||
mls_rangetrans_source(run_init_t)
|
||||
|
||||
init_spec_domtrans_script(run_init_t)
|
||||
# for utmp
|
||||
init_rw_utmp(run_init_t)
|
||||
|
||||
|
@ -538,6 +530,13 @@ ifdef(`targeted_policy',`',`
|
|||
|
||||
logging_send_syslog_msg(run_init_t)
|
||||
|
||||
ifndef(`direct_sysadm_daemon',`
|
||||
ifdef(`distro_gentoo',`
|
||||
# Gentoo integrated run_init:
|
||||
init_script_file_entry_type(run_init_t)
|
||||
')
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
daemontools_domtrans_start(run_init_t)
|
||||
')
|
||||
|
@ -546,8 +545,6 @@ ifdef(`targeted_policy',`',`
|
|||
nscd_socket_use(run_init_t)
|
||||
')
|
||||
|
||||
') dnl end ifdef targeted policy
|
||||
|
||||
########################################
|
||||
#
|
||||
# semodule local policy
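Review bot: Judging by the hunk line counts, the targeted_policy `ifdef` opener in the hunk at -480 and its closer `') dnl end ifdef targeted policy` in the last hunk are both removed, so the run_init_t block is no longer limited to non-targeted builds. That block includes `self:capability setuid`, the `init_spec_domtrans_script(run_init_t)` transition into initrc_t and `init_rw_utmp`, while the commit title mentions only the transition change. If the wider scope is intended, record it at the top of the block, for example `# run_init rules apply to every policy type; the transition to initrc_t is a specified (setexec) one`. If it is not intended, keep the conditional around the rules it used to enclose. The old/new side of each line is inferred from the counts, as the rendered page has lost its +/- markers.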
|
||||
|
|