From: dev@emefes.com (Mladen Sekara)
Date: Sun, 18 May 2014 21:37:13 +1000
Subject: [refpolicy] Single init script for multiple daemons
In-Reply-To: <1400242151.444.4.camel@x220.localdomain>
References: <1400213807.25089.9.camel@4282a12macko> <1400242151.444.4.camel@x220.localdomain>
Message-ID: <1400413033.4570.36.camel@vaio-emefes-com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Thanks Dominick.

Could you please elaborate a bit further on the use of init_script_domain? I had a look at the hadoop policy module, but it seems hadoop has multiple init scripts for different daemons (I don't know much about hadoop and its internals, though). It has a reference to init_script_domain() in the interface file, but with my SELinux experience, I couldn't make much sense of it.

In my case I have a single init script starting multiple daemons:

/etc/init.d/start_all (myapp_initrc_exec_t) -> /opt/myapp/start_all
/opt/myapp/bin/daemon1 (domain1_exec_t)
/opt/myapp/bin/daemon2 (domain_exec_t)

So, just to clarify, in this case I would have:

init_script_domain(daemon1_t, daemon1_exec_t)... ???
init_script_domain(daemon2_t, daemon2_exec_t)... ???

or

init_daemon_domain(daemon1_t, daemon1_exec_t)
init_daemon_domain(daemon2_t, daemon2_exec_t)

Mladen Sekara

On Fri, 2014-05-16 at 14:09 +0200, Dominick Grift wrote:
> to confine various services all started from a single
> init script in individual domain.
>
> See the hadoop policy module for an example
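
The layout asked about above, written as a refpolicy type enforcement file. This is an added example, not part of the original message or of any reply in the thread. It assumes a script domain named myapp_initrc_t, that /opt/myapp/start_all is labelled bin_t, and that the daemon binaries carry daemon1_exec_t and daemon2_exec_t as in the macro calls quoted in the message.

```selinux
# myapp.te: added illustration, not the poster's or the project's policy.
# myapp_initrc_t and the bin_t label on /opt/myapp/start_all are assumptions.
policy_module(myapp, 1.0.0)

########################################
# Declarations

# Domain for the single init script. init_script_domain() makes the type
# a domain, sets its entry point and allows the transition into it when
# the script is run as an init script.
type myapp_initrc_t;
type myapp_initrc_exec_t;
init_script_domain(myapp_initrc_t, myapp_initrc_exec_t)

# One domain per daemon, each with its own entry point type.
type daemon1_t;
type daemon1_exec_t;
domain_type(daemon1_t)
domain_entry_file(daemon1_t, daemon1_exec_t)
role system_r types daemon1_t;

type daemon2_t;
type daemon2_exec_t;
domain_type(daemon2_t)
domain_entry_file(daemon2_t, daemon2_exec_t)
role system_r types daemon2_t;

########################################
# Init script policy

# Run the shell and the /opt/myapp/start_all wrapper (assumed bin_t)
# without leaving myapp_initrc_t.
corecmd_exec_shell(myapp_initrc_t)
corecmd_exec_bin(myapp_initrc_t)

# Executing a daemon binary leaves the script domain for that daemon's
# own domain, so each service is confined separately.
domtrans_pattern(myapp_initrc_t, daemon1_exec_t, daemon1_t)
domtrans_pattern(myapp_initrc_t, daemon2_exec_t, daemon2_t)
```

In refpolicy, init_daemon_domain() sets up the transition from initrc_t, so it fits when the script stays in the generic init script domain; with a dedicated script domain as above, the transitions are declared explicitly.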