From a4b8f773c162831e08a4742772b4e548de4b9db7 Mon Sep 17 00:00:00 2001 From: Russell Coker Date: Wed, 3 Aug 2016 15:48:19 +1000 Subject: [PATCH] getattr on unlabeled blk devs The following has been in my tree for a few years. It allows initrc_t to stat devices early in the boot process. >From ad46ce856a1a780cf6c3a0bb741794019e03edc2 Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Sat, 9 Nov 2013 10:45:09 +0100 Subject: [PATCH] init: startpar (initrc_t) gets attributes of /dev/dm-0 (device_t) early on boot, soon later the node context is properly reset (debian only) init: startpar (initrc_t) gets attributes of /proc/kcore file Signed-off-by: Dominick Grift --- policy/modules/system/init.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index ab2f7a115..58004c465 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -568,6 +568,9 @@ userdom_read_user_home_content_files(initrc_t) userdom_use_user_terminals(initrc_t) ifdef(`distro_debian',` + kernel_getattr_core_if(initrc_t) + + dev_getattr_generic_blk_files(initrc_t) dev_setattr_generic_dirs(initrc_t) fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir)
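Review bot: the two lines added at the top of the `distro_debian` block, `kernel_getattr_core_if(initrc_t)` and `dev_getattr_generic_blk_files(initrc_t)`, carry no comment, so nothing in init.te records that they exist for startpar statting /proc/kcore and /dev/dm-0 before the node context is reset. Add a short comment above each naming startpar and the early-boot condition. The grant goes to all of initrc_t, not only startpar, so the commit message should say whether the stat must succeed or whether the dontaudit variants (kernel_dontaudit_getattr_core_if, dev_dontaudit_getattr_generic_blk_files) would be enough to silence the denials. The subject line says "unlabeled blk devs" while the message and the interface name refer to generic device_t block nodes; align the subject with what is actually granted.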