From: jason@perfinion.com (Jason Zaman)
Date: Mon, 7 Mar 2016 17:15:36 +0800
Subject: [refpolicy] context file for openrc
Message-ID: <20160307091536.GA4884@meriadoc.perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi all,

I recently realized that gentoo's selinux-base package creates the
context file /etc/selinux/*/contexts/run_init_type which contains
"run_init_t". This file is missing from refpolicy and should be added
since the rest of openrc's selinux support has been in refpolicy for
ages.

The run_init_type file is used by openrc's integrated run_init stuff.
This type is different from initrc_context (which contains
"system_u:system_r:initrc_t:s0"). When an admin runs an init script, it
transitions to run_init_type which does authentication and only then is
allowed to exec into initrc_context to actually run the script.

My question is basically: should this file be renamed? I can easily fix
it in openrc upstream so that debian and any others get it too and keep the
legacy in gentoo for a while.

I will send a patch adding the file as soon as the name is OK'd

-- Jason