From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 14 Feb 2011 08:41:54 -0500
Subject: [refpolicy] [PATCH 1/1] Allow udev to launch init scripts (f.i. on network module load)
In-Reply-To: <20110202183844.GA6308@siphos.be>
References: <1296670820-6208-1-git-send-email-sven.vermeulen@siphos.be> <4D49A13F.4020802@redhat.com> <20110202183844.GA6308@siphos.be>
Message-ID: <4D593122.9000701@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 2/2/2011 1:38 PM, Sven Vermeulen wrote:
> On Wed, Feb 02, 2011 at 01:23:59PM -0500, Daniel J Walsh wrote:
>>> --- a/policy/modules/system/udev.te
>>> +++ b/policy/modules/system/udev.te
>>> @@ -175,6 +175,7 @@ ifdef(`distro_gentoo',`
>>> # during boot, init scripts use /dev/.rcsysinit
>>> # existance to determine if we are in early booting
>>> init_getattr_script_status_files(udev_t)
>>> + init_domtrans_script(udev_t)
>>> ')
>>>
>>> ifdef(`distro_redhat',`
>>
>> This would be better if it specified which scripts were launched.
>
> Definitely. Was wondering why git send-email didn't ask me for more
> information ;-) Anyhow, thanks for your tips in #selinux, now for the
> requested information...
>
> In Gentoo (the patch only includes the line in a distro_gentoo section), the
> (default installed) 90-network.rules calls the /etc/init.d/net.
> init script when a network subsystem is added or removed.

I believe he is saying that the scripts should be labeled, not that
you're missing a description (though that's important too).

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
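
Review bot: The added init_domtrans_script(udev_t) line in the distro_gentoo block has no comment saying what it is for, unlike the init_getattr_script_status_files(udev_t) line directly above it, which is explained by the two comment lines before it. Put a comment above the new line naming the caller and the script given in the thread (90-network.rules running the /etc/init.d/net. init script when a network subsystem is added or removed). The interface name does not restrict the transition to that one script, so, as raised in the replies, consider giving the net script its own label and allowing udev_t only that transition rather than a transition to init scripts in general.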