From: srivasta@golden-gryphon.com (Manoj Srivastava)
Date: Wed, 01 Jul 2009 10:10:41 -0500
Subject: [refpolicy] Debian puts grub in  /usr/sbin/grub
Message-ID: <87d48kjv66.fsf@anzu.internal.golden-gryphon.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

        This patch also labels mkinitrd files, though that is likely
 obsolete now.

        manoj

diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
index b638362..d7d6d2f 100644
--- a/policy/modules/admin/bootloader.fc
+++ b/policy/modules/admin/bootloader.fc
@@ -2,6 +2,14 @@
 /etc/lilo\.conf.*      --      gen_context(system_u:object_r:bootloader_etc_t,s0)
 /etc/yaboot\.conf.*    --      gen_context(system_u:object_r:bootloader_etc_t,s0)
 
+# Debian puts grub in /usr/sbin/grub
+ifdef(`distro_debian',`
+/usr/sbin/grub         --      gen_context(system_u:object_r:bootloader_exec_t,s0)
+/etc/mkinitrd/scripts/.* --    gen_context(system_u:object_r:bootloader_exec_t,s0)
+/usr/sbin/mkinitrd     --      gen_context(system_u:object_r:bootloader_exec_t,s0)
+/sbin/mkinitrd         --      gen_context(system_u:object_r:bootloader_exec_t,s0)
+',`
 /sbin/grub             --      gen_context(system_u:object_r:bootloader_exec_t,s0)
+')
 /sbin/lilo.*           --      gen_context(system_u:object_r:bootloader_exec_t,s0)
 /sbin/ybin.*           --      gen_context(system_u:object_r:bootloader_exec_t,s0)

-- 
QOTD: "There may be no excuse for laziness, but I'm sure looking."
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C