From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Tue, 30 Oct 2012 22:51:53 +0100 Subject: [refpolicy] [PATCH 1/4] Allow init to set attributes on device_t In-Reply-To: <1351633916-29606-1-git-send-email-sven.vermeulen@siphos.be> References: <1351633916-29606-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1351633916-29606-2-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com In Gentoo, the openrc init framework creates the /dev/shm location (within devtmpfs) using a "mkdir -m 1777 /dev/shm" command. This results in initrc_t wanting to set the attributes of the /dev/shm directory (at that point still labeled device_t as tmpfs isn't mounted on it yet). Signed-off-by: Sven Vermeulen --- policy/modules/system/init.te | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 2a8729c..1b32148 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -86,6 +86,7 @@ files_pid_file(initrc_var_run_t) ifdef(`distro_gentoo',` type rc_exec_t; domain_entry_file(initrc_t, rc_exec_t) + ') ifdef(`enable_mls',` @@ -458,6 +459,7 @@ ifdef(`distro_gentoo',` # early init dev_create_generic_dirs(initrc_t) dev_delete_generic_dirs(initrc_t) + dev_setattr_generic_dirs(initrc_t) # allow bootmisc to create /var/lock/.keep. files_manage_generic_locks(initrc_t) -- 1.7.8.6
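Review bot: The blank line added after domain_entry_file(initrc_t, rc_exec_t) in the first hunk (@@ -86,6 +86,7 @@) is a whitespace-only change unrelated to the /dev/shm setattr access described in the commit message. Drop it from this patch or send it as a separate cleanup, so the diff carries only the access change under review.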
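Review bot: In the second hunk (@@ -458,6 +459,7 @@), dev_setattr_generic_dirs(initrc_t) lands under the existing "# early init" comment with nothing in the policy recording why initrc_t needs it. The commit message ties the need to one case, openrc running "mkdir -m 1777 /dev/shm" while the directory is still labeled device_t, yet the interface, going by its name, covers generic device directories rather than /dev/shm alone. A one-line comment above the call naming /dev/shm and openrc, in the style of the "# allow bootmisc to create /var/lock/.keep." line below it, would let a later reader judge whether the permission is still required.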