From: gizmo@giz-works.com (gizmo at giz-works.com)
Date: Mon, 20 Dec 2010 16:28:31 -0600
Subject: [refpolicy] [PATCH 1/2] Allow Gentoo rc-update to manage runlevels,
	try 2
Message-ID: <1292884111-6462-1-git-send-email-gizmo@giz-works.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Chris Richards <gizmo@giz-works.com>

rc-update cannot properly update the system runlevels, even when run
as the root user in sysadm role.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
---
 policy/modules/system/init.if |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index ed152c4..7904818 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1442,6 +1442,25 @@ interface(`init_dontaudit_use_script_ptys',`
 
 ########################################
 ## <summary>
+##	Manage init script runlevel files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_manage_script_runlevel_files',`
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	read_lnk_files_pattern($1, initrc_state_t, initrc_state_t)
+	files_manage_etc_symlinks($1)
+')
+
+########################################
+## <summary>
 ##	Get the attributes of init script
 ##	status files.
 ## </summary>
-- 
1.7.3.2