From: domg472@gmail.com (Dominick Grift)
Date: Mon, 20 Dec 2010 23:37:13 +0100
Subject: [refpolicy] [PATCH 1/2] Allow Gentoo rc-update to manage runlevels, try 2
In-Reply-To: <1292884111-6462-1-git-send-email-gizmo@giz-works.com>
References: <1292884111-6462-1-git-send-email-gizmo@giz-works.com>
Message-ID: <4D0FDA99.9070901@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/20/2010 11:28 PM, gizmo at giz-works.com wrote:
> From: Chris Richards
>
> rc-update cannot properly update the system runlevels, even when run
> as the root user in sysadm role.
>
> Signed-off-by: Chris Richards
> ---
> policy/modules/system/init.if | 19 +++++++++++++++++++
> 1 files changed, 19 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if > index ed152c4..7904818 100644 > --- a/policy/modules/system/init.if > +++ b/policy/modules/system/init.if > @@ -1442,6 +1442,25 @@ interface(`init_dontaudit_use_script_ptys',` > > ######################################## > ## > +## Manage init script runlevel files. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`init_manage_script_runlevel_files',` > + gen_require(` > + type initrc_state_t; > + ') > + > + read_lnk_files_pattern($1, initrc_state_t, initrc_state_t) > + files_manage_etc_symlinks($1)

I am worried about the above symlink, seems to me it may be mislabelled. (should it have been created with initrc_state_t type or some other type?)

> +') > + > +######################################## > +## > ## Get the attributes of init script > ## status files. > ##
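
Review bot: the last rule in the new interface body, `files_manage_etc_symlinks($1)`, is scoped by its name to etc symlinks in general rather than to runlevel links, so a caller of `init_manage_script_runlevel_files` gets more than the summary line "Manage init script runlevel files" says. The interface is also called "manage" while the only rule on `initrc_state_t` is `read_lnk_files_pattern`, so the write access comes entirely from the generic etc rule. Consider giving the runlevel links a dedicated type and granting manage on that type only, or at least stating in the interface summary that the caller gains manage access to etc symlinks, so that reviewers of calling domains can see the real scope of the grant.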