From: dominick.grift@gmail.com (Dominick Grift) Date: Sat, 9 Nov 2013 10:44:58 +0100 Subject: [refpolicy] [PATCH 17/39] init: This should make transitions to init_script_domains() work for direct_sysadm_daemon In-Reply-To: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> Message-ID: <1383990320-3340-17-git-send-email-dominick.grift@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Signed-off-by: Dominick Grift
---
 policy/modules/system/init.if | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 79a45f6..bc49474 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -67,7 +67,8 @@ interface(`init_script_file',`
 interface(`init_script_domain',`
 gen_require(`
 attribute init_script_domain_type, init_script_file_type;
- attribute init_run_all_scripts_domain;
+ attribute init_run_all_scripts_domain, direct_init, direct_init_entry;
+ attribute direct_run_init;
 ')
 typeattribute $1 init_script_domain_type;
@@ -77,6 +78,16 @@ interface(`init_script_domain',`
 domain_entry_file($1, $2)
 domtrans_pattern(init_run_all_scripts_domain, $2, $1)
+
+ ifdef(`direct_sysadm_daemon',`
+ domtrans_pattern(direct_run_init, $2, $1)
+ allow direct_run_init $1:process { noatsecure siginh rlimitinh };
+
+ typeattribute $1 direct_init;
+ typeattribute $2 direct_init_entry;
+
+ userdom_dontaudit_use_user_terminals($1)
+ ')
 ')
 ########################################
--
1.8.3.1
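Review bot: The `allow direct_run_init $1:process { noatsecure siginh rlimitinh };` rule added inside the new direct_sysadm_daemon block has no comment, and it is the most security-relevant line in the second hunk. `noatsecure` stops AT_SECURE from being set on the transition, so the dynamic loader does not scrub the caller's environment. `siginh` and `rlimitinh` let signal state and resource limits carry over from the administrator's session into the init script domain. Because `init_script_domain` is an interface, the grant applies to every type passed as `$1` by any caller, so it is worth confirming that all current callers are meant to inherit an unsanitised admin environment when this build option is on. I would add a comment above the rule such as `# direct_sysadm_daemon: admin environment, signal state and rlimits are inherited across this transition`, and note the extra transition source in the interface's documentation header, which lies outside this hunk.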