diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 326581ecc..bd5fe2071 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -1314,6 +1314,8 @@ interface(`init_getattr_initctl',` type initctl_t; ') + dev_list_all_dev_nodes($1) + files_search_pids($1) allow $1 initctl_t:fifo_file getattr; ') ') @@ -1353,6 +1355,7 @@ interface(`init_write_initctl',` ') dev_list_all_dev_nodes($1) + files_search_pids($1) allow $1 initctl_t:fifo_file write; ') @@ -1385,6 +1388,7 @@ interface(`init_telinit',` corecmd_exec_bin($1) dev_list_all_dev_nodes($1) + files_search_pids($1) init_exec($1) ') @@ -1405,6 +1409,7 @@ interface(`init_rw_initctl',` ') dev_list_all_dev_nodes($1) + files_search_pids($1) allow $1 initctl_t:fifo_file rw_fifo_file_perms; ') diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 8fabb0ea5..02538ac73 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -145,6 +145,7 @@ allow init_t init_var_run_t:file manage_lnk_file_perms; allow init_t initctl_t:fifo_file manage_fifo_file_perms; dev_filetrans(init_t, initctl_t, fifo_file) +files_pid_filetrans(init_t, initctl_t, fifo_file) # Modify utmp. allow init_t initrc_var_run_t:file { rw_file_perms setattr };