From: dominick.grift@gmail.com (Dominick Grift)
Date: Wed, 15 Jan 2014 14:01:32 +0100
Subject: [refpolicy] RFC: direct_init_entry breaks direct_initrc
In-Reply-To: <1389738227.4012.2.camel@x220.localdomain>
References: <1386691021.18689.75.camel@d30> <52D54215.3040707@tresys.com>
	<1389708128.28251.54.camel@x220.localdomain>
	<52D54546.8010308@tresys.com>
	<1389724229.28251.74.camel@x220.localdomain>
	<52D5A197.8010805@tresys.com>
	<1389738227.4012.2.camel@x220.localdomain>
Message-ID: <1389790892.5861.6.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2014-01-14 at 23:23 +0100, Dominick Grift wrote:
> On Tue, 2014-01-14 at 15:44 -0500, Christopher J. PeBenito wrote:
> > 
> > I think you may be able to drop the direct_run_init attribute and put the domtrans you added in the init_run_daemon() interface instead.
> > 
> 
> Right, i also got rid of direct_init because was a lose end as well
> 
> It builds but still not actually tested
> 
> Enclosed i another try:
> 

Today i (pretty thoroughly) tested this patch to the extend possible on
Fedora 20, all tests i did ran 100 percent OK

I can't be sure though that i haven't over looked anything because
sometimes i have a hard time reading Fedora policy and understanding
some of the decisions made with regard to init.

I recorded the whole implementation and testing session for reference
purposes and sent it to youtube (the fedora patch i used is in the video
description)

https://www.youtube.com/watch?v=9bIU_Ga3ss4


Might be an interesting video for people who want to learn more about
the work flow of testing modified fedora policy (or other packages)

I havent tested it on Debian yet but i am confident that this works