From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 2 Feb 2011 19:38:45 +0100
Subject: [refpolicy] [PATCH 1/1] Allow udev to launch init scripts (f.i.
 on	network module load)
In-Reply-To: <4D49A13F.4020802@redhat.com>
References: <1296670820-6208-1-git-send-email-sven.vermeulen@siphos.be>
	<4D49A13F.4020802@redhat.com>
Message-ID: <20110202183844.GA6308@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Feb 02, 2011 at 01:23:59PM -0500, Daniel J Walsh wrote:
> > --- a/policy/modules/system/udev.te
> > +++ b/policy/modules/system/udev.te
> > @@ -175,6 +175,7 @@ ifdef(`distro_gentoo',`
> >  	# during boot, init scripts use /dev/.rcsysinit
> >  	# existance to determine if we are in early booting
> >  	init_getattr_script_status_files(udev_t)
> > +	init_domtrans_script(udev_t)
> >  ')
> >  
> >  ifdef(`distro_redhat',`
>
> This would be better if it specified which scripts were launched.

Definitely. Was wondering why git send-email didn't ask me for more
information ;-) Anyhow, thanks for your tips in #selinux, now for the
requested information...

In Gentoo (the patch only includes the line in a distro_gentoo section), the
(default installed) 90-network.rules calls the /etc/init.d/net.<interface>
init script when a network subsystem is added or removed.

Wkr,
	Sven Vermeulen