From: gizmo@giz-works.com (Chris Richards)
Date: Sun, 28 Nov 2010 02:46:58 -0600
Subject: [refpolicy] [PATCH 1/2] Allow Gentoo rc-update to manage runlevels
Message-ID: <1290934018-9306-1-git-send-email-gizmo@giz-works.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

rc-update cannot properly update the system runlevels, even when run
as the root user in sysadm role.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
---
 policy/modules/system/init.if |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index df3fa64..b1ef45f 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1441,6 +1441,25 @@ interface(`init_dontaudit_use_script_ptys',`
 
 ########################################
 ## <summary>
+##	Manage init runlevel files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_manage_runlevel_files',`
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	read_lnk_files_pattern($1, initrc_state_t, initrc_state_t)
+	files_manage_etc_symlinks($1)
+')
+
+########################################
+## <summary>
 ##	Get the attributes of init script
 ##	status files.
 ## </summary>
-- 
1.7.3.2