From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 23 Aug 2011 15:41:58 +0200
Subject: [refpolicy] [PATCH 05/11] Gentoo's integrated run_init support
 re-executes /sbin/rc
In-Reply-To: <20110823133643.GA857@siphos.be>
References: <20110823133643.GA857@siphos.be>
Message-ID: <20110823134157.GF857@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When an init script is launched, Gentoo's integrated run_init support will
re-execute /sbin/rc (an all-in-one binary) for various functions. The
run_init_t domain here should not be allowed to transition yet, so we allow it
to execute /sbin/rc without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/selinuxutil.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 12dabe2..ace2010 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -406,6 +406,7 @@ ifndef(`direct_sysadm_daemon',`
 	ifdef(`distro_gentoo',`
 		# Gentoo integrated run_init:
 		init_script_file_entry_type(run_init_t)
+		init_rc_exec(run_init_t)
 	')
 ')
 
-- 
1.7.3.4