From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 07 Oct 2010 13:08:18 -0400
Subject: [refpolicy] [ patch 29/44] shutdown: needs to connect to init with a unix stream socket.
In-Reply-To: <1286216636-28449-31-git-send-email-domg472@gmail.com>
References: <1286216636-28449-1-git-send-email-domg472@gmail.com> <1286216636-28449-31-git-send-email-domg472@gmail.com>
Message-ID: <4CADFE82.9000001@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/04/10 14:23, Dominick Grift wrote:
>
> Signed-off-by: Dominick Grift

Merged.

> :100644 100644 7824539... cf81d13... M policy/modules/admin/shutdown.te > :100644 100644 f6aafe7... 8419a01... M policy/modules/system/init.if > policy/modules/admin/shutdown.te | 1 + > policy/modules/system/init.if | 18 ++++++++++++++++++ > 2 files changed, 19 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/admin/shutdown.te b/policy/modules/admin/shutdown.te > index 7824539..cf81d13 100644 > --- a/policy/modules/admin/shutdown.te > +++ b/policy/modules/admin/shutdown.te > @@ -45,6 +45,7 @@ auth_write_login_records(shutdown_t) > > init_dontaudit_write_utmp(shutdown_t) > init_read_utmp(shutdown_t) > +init_stream_connect(shutdown_t) > init_telinit(shutdown_t) > > logging_send_audit_msgs(shutdown_t) > diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if > index f6aafe7..8419a01 100644 > --- a/policy/modules/system/init.if > +++ b/policy/modules/system/init.if
> @@ -508,6 +508,24 @@ interface(`init_sigchld',` > > ######################################## > ## > +## Connect to init with a unix socket. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`init_stream_connect',` > + gen_require(` > + type init_t; > + ') > + > + allow $1 init_t:unix_stream_socket connectto; > +') > + > +######################################## > +## > ## Inherit and use file descriptors from init. > ## > ## -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
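
Review bot: the `init_stream_connect(shutdown_t)` line added in the shutdown.te hunk, between `init_read_utmp` and `init_telinit`, is granted unconditionally, and the commit message is only the subject line plus a Signed-off-by. Nothing records the denial that prompted it or which init implementation shutdown connects to over a stream socket. Suggest quoting the AVC denial in the commit message so the rule can be re-checked later, and stating whether the access is needed on every init system this policy supports or only on some.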
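
Review bot: in the init.if hunk, the body of `init_stream_connect` grants only `allow $1 init_t:unix_stream_socket connectto;` and nothing on a socket file or its directory. That is enough when init listens on an abstract-namespace socket; for a socket bound to a filesystem path the caller would also need write on the sock_file and search on the containing directory, so the interface would not work on its own. Suggest changing the summary from "Connect to init with a unix socket." to say "unix stream socket" and stating in the description which kind of socket the interface is meant to cover.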