From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 3 Sep 2011 16:20:41 +0200
Subject: [refpolicy] [PATCHv2 3/8] Gentoo integrated run_init support re-executes rc
In-Reply-To: <20110903141833.GA25374@siphos.be>
References: <20110903141833.GA25374@siphos.be>
Message-ID: <20110903142041.GD25374@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When an init script is launched, Gentoo's integrated run_init support will re-execute /sbin/rc (an all-in-one binary) for various functions. The run_init_t domain here should not be allowed to transition yet, so we allow it to execute /sbin/rc without transitioning.

Signed-off-by: Sven Vermeulen

--- policy/modules/system/selinuxutil.te | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 508b206..2981122 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -406,6 +406,8 @@ ifndef(`direct_sysadm_daemon',` ifdef(`distro_gentoo',` # Gentoo integrated run_init: init_script_file_entry_type(run_init_t) + + init_rc_exec(run_init_t) ') ') -- 1.7.3.4
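Review bot: The added init_rc_exec(run_init_t) in the distro_gentoo block carries no comment explaining why run_init_t executes rc without a domain transition; that rationale exists only in the commit message. The blank line added before it also detaches it from the existing "# Gentoo integrated run_init:" comment. Suggest dropping the blank line or adding a one-line comment above the call noting that the integrated run_init re-executes /sbin/rc and must stay in run_init_t at that point. Because executing without a transition means /sbin/rc runs with run_init_t's own permissions, a reader auditing this domain will want that intent recorded in the policy file. Note also that the call sits inside ifndef(`direct_sysadm_daemon', so it has no effect when direct_sysadm_daemon is defined; please confirm that scoping is intended.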