From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 23 Aug 2011 15:41:21 +0200
Subject: [refpolicy] [PATCH 04/11] Allow gcc-config to execute /sbin/rc
 without transitioning
In-Reply-To: <20110823133643.GA857@siphos.be>
References: <20110823133643.GA857@siphos.be>
Message-ID: <20110823134121.GE857@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The gcc-config application uses some functions (from /etc/init.d/functions.sh)
which are simple wrappers on top of /sbin/rc. Since this script is sourced and
the functions executed from within gcc_config_t, we allow gcc-config to
execute /sbin/rc without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/admin/portage.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 563c598..2794531 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -103,6 +103,7 @@ files_search_pids(gcc_config_t)
 # the directory it is being run from
 files_list_all(gcc_config_t)
 
+init_rc_exec(gcc_config_t)
 # seems to be ok without this
 init_dontaudit_read_script_status_files(gcc_config_t)
 
-- 
1.7.3.4