From bd515fd9514bd817f08f0499c1fd5de2c04ad8e7 Mon Sep 17 00:00:00 2001 From: David Sugar Date: Fri, 8 Sep 2017 17:50:24 +0000 Subject: [PATCH] Label RHEL specific systemd binaries Label RHEL specific systemd binaries /usr/lib/systemd/rhel* as initrc_exec_t. Now in the proper location. Signed-off-by: Dave Sugar --- policy/modules/system/init.fc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index f7c2e3679..36e8b8fe0 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -38,6 +38,10 @@ ifdef(`distro_gentoo', ` /usr/lib/rc/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) ') +ifdef(`distro_redhat',` +/usr/lib/systemd/rhel[^/]* -- gen_context(system_u:object_r:initrc_exec_t,s0) +') + /usr/libexec/dcc/start-.* -- gen_context(system_u:object_r:initrc_exec_t,s0) /usr/libexec/dcc/stop-.* -- gen_context(system_u:object_r:initrc_exec_t,s0)