From: dominick.grift@gmail.com (Dominick Grift) Date: Tue, 10 Dec 2013 17:00:39 +0100 Subject: [refpolicy] RFC: direct_init_entry breaks direct_initrc In-Reply-To: <1386691021.18689.75.camel@d30> References: <1386691021.18689.75.camel@d30> Message-ID: <1386691239.18689.78.camel@d30> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 2013-12-10 at 16:57 +0100, Dominick Grift wrote: > > > > typeattribute $1 direct_init; > > - typeattribute $2 direct_init_entry; Here its actually associated with the init daemon entry file. That is wrong in my view. The role transition should happen on the init script not the daemon entry file > > - role_transition $2 direct_init_entry system_r; > > + role_transition $2 init_script_file_type system_r; Here is that actual role transition. This is causing problems with direct_initrc. role transition to system_r should happen on the init script and not the init daemon executable file