From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 14 Jan 2014 09:10:14 -0500 Subject: [refpolicy] RFC: direct_init_entry breaks direct_initrc In-Reply-To: <1389708128.28251.54.camel@x220.localdomain> References: <1386691021.18689.75.camel@d30> <52D54215.3040707@tresys.com> <1389708128.28251.54.camel@x220.localdomain> Message-ID: <52D54546.8010308@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue Jan 14 09:02:08 2014, Dominick Grift wrote: > On Tue, 2014-01-14 at 08:56 -0500, Christopher J. PeBenito wrote: >> On 12/10/13 10:57, Dominick Grift wrote: >>> I have not tested this yet and it is a theory >>> >>> I was not there when that type attribute was implemented so i do not >>> know the rationale behind the decision to implement it. >>> >>> Would be nice if anyone could shed some light on that and would be even >>> better if this fix is acknowledged >> >> It seems like it would probably work, but definitely needs to be tested. >> > > I have tested it. role transitions should happen on the init script and > now on the daemon entry file. This is a bug in the init_run_daemon > interface and it breaks a lot of stuff > > Also the init_run_daemon(unconfined_t, unconfined_r) should be make > tunable (direct_sysadm_daemon) Would you send patches for these? The first patch I only see as inlined comments in the body of the first message. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com