From 44b2efbf7873752474e8d18640eff5d857c8a01c Mon Sep 17 00:00:00 2001
From: Sven Vermeulen
Date: Tue, 30 Oct 2012 22:51:53 +0100
Subject: [PATCH] Allow init to set attributes on device_t

In Gentoo, the openrc init framework creates the /dev/shm location (within devtmpfs) using a "mkdir -m 1777 /dev/shm" command. This results in initrc_t wanting to set the attributes of the /dev/shm directory (at that point still labeled device_t as tmpfs isn't mounted on it yet).

Signed-off-by: Sven Vermeulen
---
 policy/modules/system/init.te | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 2a8729c7f..1b321489c 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -86,6 +86,7 @@ files_pid_file(initrc_var_run_t)
 ifdef(`distro_gentoo',`
 type rc_exec_t;
 domain_entry_file(initrc_t, rc_exec_t)
+ ')
 ifdef(`enable_mls',`
@@ -458,6 +459,7 @@ ifdef(`distro_gentoo',`
 # early init
 dev_create_generic_dirs(initrc_t)
 dev_delete_generic_dirs(initrc_t)
+ dev_setattr_generic_dirs(initrc_t)
 # allow bootmisc to create /var/lock/.keep.
 files_manage_generic_locks(initrc_t)
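Review bot: The added `dev_setattr_generic_dirs(initrc_t)` in the second hunk carries no comment of its own, and the grant is wider than the case in the commit message: as the interface name suggests, it lets initrc_t set attributes on any directory labeled device_t, not only /dev/shm. I would record the reason next to it, for example `# openrc runs "mkdir -m 1777 /dev/shm" before tmpfs is mounted, while the directory is still device_t`, so a later audit of initrc_t's permissions can tell why the rule exists and when it can be dropped. The enclosing distro_gentoo ifdef block starts and ends outside the hunk, so whether a narrower rule would fit at that point cannot be checked from here. The only addition in the first hunk appears to be a blank line before that block's closing line, which is unrelated to the stated change.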