From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 15 Jan 2014 08:51:33 -0500 Subject: [refpolicy] RFC: direct_init_entry breaks direct_initrc In-Reply-To: <1389738227.4012.2.camel@x220.localdomain> References: <1386691021.18689.75.camel@d30> <52D54215.3040707@tresys.com> <1389708128.28251.54.camel@x220.localdomain> <52D54546.8010308@tresys.com> <1389724229.28251.74.camel@x220.localdomain> <52D5A197.8010805@tresys.com> <1389738227.4012.2.camel@x220.localdomain> Message-ID: <52D69265.80902@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 01/14/14 17:23, Dominick Grift wrote: > On Tue, 2014-01-14 at 15:44 -0500, Christopher J. PeBenito wrote: >> >> I think you may be able to drop the direct_run_init attribute and put the domtrans you added in the init_run_daemon() interface instead. >> > > Right, i also got rid of direct_init because was a lose end as well > > It builds but still not actually tested On further looking it looks like we shouldn't completely remove the direct_sysadm_daemon block out of init_daemon_domain; the userdom_dontaudit_use_user_terminals($1) should probably remain. I'd also prefer to separate the unconfined portion out to a separate patch. Otherwise it looks good. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com