From: dev@emefes.com (Mladen Sekara)
Date: Sun, 18 May 2014 21:37:13 +1000
Subject: [refpolicy] Single init script for multiple daemons
In-Reply-To: <1400242151.444.4.camel@x220.localdomain>
References: <1400213807.25089.9.camel@4282a12macko>
	<1400242151.444.4.camel@x220.localdomain>
Message-ID: <1400413033.4570.36.camel@vaio-emefes-com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Thanks Dominick.

Could you please elaborate a bit further on use of init_script_domain.

I had a look at hadoop policy module, but it seems haddop has multiple
init scripts for different daemons (don't know much about hadoop and
it's internals though). It has a reference to init_script_domain() in
interface file, but with my SELinux experience, I couldn't make much
sense of it.

In my case I have a single init script starting multiple daemons:

/etc/init.d/start_all (myapp_initrc_exec_t) -> /opt/myapp/start_all
/opt/myapp/bin/daemon1 (domain1_exec_t)
/opt/myapp/bin/daemon2 (domain_exec_t) 

So, just to clarify, in this case I would have:

init_script_domain(daemon1_t, daemon1_exec_t)... ???
init_script_domain(daemon2_t, daemon2_exec_t)... ???

or
init_daemon_domain(daemon1_t, daemon1_exec_t)
init_daemon_domain(daemon2_t, daemon2_exec_t)

Mladen Sekara <dev@emefes.com>


On Fri, 2014-05-16 at 14:09 +0200, Dominick Grift wrote:
> to confine various services all started from a single
> init script in individual domain.
> 
> See the hadoop policy module for an example