From: dominick.grift@gmail.com (Dominick Grift) Date: Fri, 07 Feb 2014 09:15:38 +0100 Subject: [refpolicy] [PATCH 28/39] init: startpar (initrc_t) gets attributes of /dev/dm-0 (device_t) early on boot, soon later the node context is properly reset (debian only) init: startpar (initrc_t) gets attributes of /proc/kcore file In-Reply-To: <20140206205608.1dd50417@fornost.bigon.be> References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> <1383990320-3340-28-git-send-email-dominick.grift@gmail.com> <20140206205608.1dd50417@fornost.bigon.be> Message-ID: <1391760938.11386.1.camel@x220.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 2014-02-06 at 20:56 +0100, Laurent Bigonville wrote: > Le Sat, 9 Nov 2013 10:45:09 +0100, > Dominick Grift a ?crit : > > > Signed-off-by: Dominick Grift > > --- > > policy/modules/system/init.te | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/policy/modules/system/init.te > > b/policy/modules/system/init.te index 5de913e..4691035 100644 > > --- a/policy/modules/system/init.te > > +++ b/policy/modules/system/init.te > > @@ -180,7 +180,7 @@ seutil_read_config(init_t) > > miscfiles_read_localization(init_t) > > > > ifdef(`distro_debian',` > > -fs_tmpfs_filetrans(init_t, initctl_t, fifo, "initctl") > > +fs_tmpfs_filetrans(init_t, initctl_t, fifo_file, "initctl") > > fs_tmpfs_filetrans(init_t, initrc_var_run_t, file, "utmp") > > ') > > > > @@ -437,6 +437,9 @@ userdom_read_user_home_content_files(initrc_t) > > userdom_use_user_terminals(initrc_t) > > > > ifdef(`distro_debian',` > > + kernel_getattr_core_if(initrc_t) > > + > > + dev_getattr_generic_blk_files(initrc_t) > > dev_setattr_generic_dirs(initrc_t) > > > > fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir) > > Hi, > > Apparently this patch has never been merged (but the first chunk is not > applying anymore), should I repropose it or would you have the time to > do it? > > Cheers, I lost the passphrase of my ssh key for contrib so probably best to resumbit a new patch because i wont be able to commit this > > Laurent Bigonville