From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 05 Jan 2011 10:29:25 -0500
Subject: [refpolicy] [PATCH 2/2] Allow Gentoo rc-update to manage
 runlevels, try 2
In-Reply-To: <1292884120-6497-1-git-send-email-gizmo@giz-works.com>
References: <1292884120-6497-1-git-send-email-gizmo@giz-works.com>
Message-ID: <4D248E55.3040508@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/20/10 17:28, gizmo at giz-works.com wrote:
> From: Chris Richards <gizmo@giz-works.com>
> 
> rc-update cannot properly update the system runlevels, even when run
> as the root user in sysadm role.

rc-update should not be running in run_init_t.

> Signed-off-by: Chris Richards <gizmo@giz-works.com>
> ---
>  policy/modules/system/selinuxutil.te |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
> index ff5d72d..9a71b6e 100644
> --- a/policy/modules/system/selinuxutil.te
> +++ b/policy/modules/system/selinuxutil.te
> @@ -405,6 +405,10 @@ ifndef(`direct_sysadm_daemon',`
>  	')
>  ')
>  
> +ifdef(`distro_gentoo',`
> +	init_manage_script_runlevel_files(run_init_t)
> +')
> +
>  ifdef(`distro_ubuntu',`
>  	optional_policy(`
>  		unconfined_domain(run_init_t)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com