From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Tue, 23 Aug 2011 15:43:07 +0200 Subject: [refpolicy] [PATCH 06/11] Allow the sysadm domain to execute /sbin/rc without transitioning In-Reply-To: <20110823133643.GA857@siphos.be> References: <20110823133643.GA857@siphos.be> Message-ID: <20110823134307.GG857@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The /sbin/rc binary is used by the system administrator to manage runlevels (add/delete), check runlevel state, etc., all of which do not require a transition to occur. Hence the /sbin/rc (now labeled rc_exec_t) is allowed to be executed without transitioning. Signed-off-by: Sven Vermeulen --- policy/modules/roles/sysadm.te | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te index 0f96353..00f8a57 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te @@ -34,6 +34,7 @@ ubac_file_exempt(sysadm_t) ubac_fd_exempt(sysadm_t) init_exec(sysadm_t) +init_rc_exec(sysadm_t) # Add/remove user home directories userdom_manage_user_home_dirs(sysadm_t) -- 1.7.3.4
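Review bot: the added init_rc_exec(sysadm_t) line in the @@ -34,6 +34,7 @@ hunk of policy/modules/roles/sysadm.te has no comment, while the userdom_manage_user_home_dirs(sysadm_t) call right below it is introduced by "# Add/remove user home directories". Please add a one-line comment above the new call recording why sysadm_t executes the rc_exec_t binary in its own domain, for example "# Manage and query runlevels through /sbin/rc without a domain transition". The commit message names the non-transitioning uses as "add/delete", "check runlevel state" and "etc."; since the call as shown is not scoped to any of those uses, it would help to spell out in the message which /sbin/rc invocations are expected to stay in sysadm_t, so a reader of the policy can judge what now runs with the administrator's permissions.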