From: jason@perfinion.com (Jason Zaman)
Date: Mon, 7 Mar 2016 22:49:49 +0800
Subject: [refpolicy] context file for openrc
In-Reply-To: <56DD9404.8020006@tresys.com>
References: <20160307091536.GA4884@meriadoc.perfinion.com>
	<56DD9404.8020006@tresys.com>
Message-ID: <20160307144949.GA20572@meriadoc>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Mar 07, 2016 at 09:45:24AM -0500, Christopher J. PeBenito wrote:
> On 3/7/2016 4:15 AM, Jason Zaman wrote:
> > Hi all,
> > 
> > I recently realized that gentoo's selinux-base package creates the
> > context file /etc/selinux/*/contexts/run_init_type which contains
> > "run_init_t". This file is missing from refpolicy and should be added
> > since the rest of openrc's selinux support has been in refpolicy for
> > ages.
> > 
> > The run_init_type file is used by openrc's integrated run_init stuff.
> > This type is different from initrc_context (which contains
> > "system_u:system_r:initrc_t:s0"). When an admin runs an init script, it
> > transitions to run_init_type which does authentication and only then is
> > allowed to exec into initrc_context to actually run the script.
> > 
> > My question is basically: should this file be renamed? I can easily fix
> > it in openrc upstream so that debian and any others get it too and keep the
> > legacy in gentoo for a while.
> 
> What do you suggest it be renamed to?

I can't think of anything great. openrc_run_init_type seems a little long
or maybe just openrc_run_init?