2010-12-29 06:20:10

by gizmo

Subject: [refpolicy] [PATCH 1/2] udev create lnk files in openrc dirs

When starting and stopping dhcpcd, some scripts are fired off by udev as the
result of devices being hotplugged (net.eth0). These scripts update status
information for openrc, specifically with respect to started or stopped
services, as well as information regarding the hotplugged or scheduled state.
They also need to be able to read information regarding the current runlevel
of the system, also maintained by openrc.

Add interfaces to init.if

Signed-off-by: Chris Richards <[email protected]>
---
policy/modules/system/init.if | 43 +++++++++++++++++++++++++++++++++++++++++
1 files changed, 43 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index ed152c4..940b91f 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1461,6 +1467,25 @@ interface(`init_getattr_script_status_files',`

########################################
## <summary>
+## Read init script status files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_read_script_status_files',`
+ gen_require(`
+ type initrc_state_t;
+ ')
+
+ list_dirs_pattern($1, initrc_state_t, initrc_state_t)
+ read_files_pattern($1, initrc_state_t, initrc_state_t)
+')
+
+########################################
+## <summary>
## Do not audit attempts to read init script
## status files.
## </summary>
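
Review bot: The summary for init_read_script_status_files says only "Read init script status files", but the body also grants list_dirs_pattern on initrc_state_t, so callers can enumerate the status directories as well. Say so in the summary, or drop the directory listing if callers only open known paths. Also, read_files_pattern covers regular files only; since the companion interface in this patch deals with lnk_file entries of the same type, check whether readers also need read_lnk_files_pattern.
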
@@ -1481,6 +1506,24 @@ interface(`init_dontaudit_read_script_status_files',`

########################################
## <summary>
+## Manage init script status link files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_manage_script_status_lnk_files',`
+ gen_require(`
+ type initrc_state_t;
+ ')
+
+ manage_lnk_files_pattern($1, initrc_state_t, initrc_state_t)
+')
+
+########################################
+## <summary>
## Read init script temporary data.
## </summary>
## <param name="domain">
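
Review bot: manage_lnk_files_pattern in init_manage_script_status_lnk_files gives the caller the full manage set on initrc_state_t symlinks, while the subject line asks only for creating link files. If the udev-fired scripts just add and remove entries, create_lnk_files_pattern plus delete_lnk_files_pattern would be a tighter grant; if they need the whole set, the commit message should say which operations are performed.
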
--
1.7.3.4


2011-01-10 16:32:41

by cpebenito

Subject: [refpolicy] [PATCH 1/2] udev create lnk files in openrc dirs

On 12/29/10 01:20, Chris Richards wrote:
> When starting and stopping dhcpcd, some scripts are fired off by udev as the
> result of devices being hotplugged (net.eth0). These scripts update status
> information for openrc, specifically with respect to started or stopped
> services, as well as information regarding the hotplugged or scheduled state.
> They also need to be able to read information regarding the current runlevel
> of the system, also maintained by openrc.

It seems like the best course of action would actually be to have a
transition to initrc_t if it's running init scripts.

> Add interfaces to init.if
>
> Signed-off-by: Chris Richards <[email protected]>
> ---
> policy/modules/system/init.if | 43 +++++++++++++++++++++++++++++++++++++++++
> 1 files changed, 43 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
> index ed152c4..940b91f 100644
> --- a/policy/modules/system/init.if
> +++ b/policy/modules/system/init.if
> @@ -1461,6 +1467,25 @@ interface(`init_getattr_script_status_files',`
>
> ########################################
> ## <summary>
> +## Read init script status files.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`init_read_script_status_files',`
> + gen_require(`
> + type initrc_state_t;
> + ')
> +
> + list_dirs_pattern($1, initrc_state_t, initrc_state_t)
> + read_files_pattern($1, initrc_state_t, initrc_state_t)
> +')
> +
> +########################################
> +## <summary>
> ## Do not audit attempts to read init script
> ## status files.
> ## </summary>
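
Review bot: The header "@@ -1461,6 +1467,25 @@" places this hunk six lines later in the new file than in the old one, and the two hunks shown add 19 and 18 lines against a diffstat of 43 insertions, so an earlier six-line hunk in init.if appears to be missing from what is quoted here. Confirm the full patch before judging the interfaces.
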
> @@ -1481,6 +1506,24 @@ interface(`init_dontaudit_read_script_status_files',`
>
> ########################################
> ## <summary>
> +## Manage init script status link files.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`init_manage_script_status_lnk_files',`
> + gen_require(`
> + type initrc_state_t;
> + ')
> +
> + manage_lnk_files_pattern($1, initrc_state_t, initrc_state_t)
> +')
> +
> +########################################
> +## <summary>
> ## Read init script temporary data.
> ## </summary>
> ## <param name="domain">
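
Review bot: No caller for init_manage_script_status_lnk_files appears in this patch, and the subject line names udev while the diff touches only init.if. Name the calling domain in the commit message, or fold the interface into the patch that uses it, so the grant on initrc_state_t can be reviewed against its actual user.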


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com