Allow init to set attributes on device_t

In Gentoo, the openrc init framework creates the /dev/shm location (within devtmpfs) using a "mkdir -m 1777 /dev/shm" command. This results in initrc_t wanting to set the attributes of the /dev/shm directory (at that point still labeled device_t as tmpfs isn't mounted on it yet). Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-10-30 22:51:53 +01:00 · 2012-10-30 22:51:53 +01:00 · 44b2efbf78
commit 44b2efbf78
parent 8285fe10a6
1 changed files with 2 additions and 0 deletions
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@ -86,6 +86,7 @@ files_pid_file(initrc_var_run_t)
 ifdef(`distro_gentoo',`
 	type rc_exec_t;
 	domain_entry_file(initrc_t, rc_exec_t)
+
 ')

 ifdef(`enable_mls',`
@ -458,6 +459,7 @@ ifdef(`distro_gentoo',`
 	# early init
 	dev_create_generic_dirs(initrc_t)
 	dev_delete_generic_dirs(initrc_t)
+	dev_setattr_generic_dirs(initrc_t)

 	# allow bootmisc to create /var/lock/.keep.
 	files_manage_generic_locks(initrc_t)