From: dac.override@gmail.com (Dominick Grift)
Date: Mon, 7 Mar 2016 15:55:46 +0100
Subject: [refpolicy] context file for openrc
In-Reply-To: <20160307144949.GA20572@meriadoc>
References: <20160307091536.GA4884@meriadoc.perfinion.com>
	<56DD9404.8020006@tresys.com> <20160307144949.GA20572@meriadoc>
Message-ID: <56DD9672.1090901@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 03/07/2016 03:49 PM, Jason Zaman wrote:
> On Mon, Mar 07, 2016 at 09:45:24AM -0500, Christopher J. PeBenito
> wrote:
>> On 3/7/2016 4:15 AM, Jason Zaman wrote:
>>> Hi all,
>>> 
>>> I recently realized that gentoo's selinux-base package creates
>>> the context file /etc/selinux/*/contexts/run_init_type which
>>> contains "run_init_t". This file is missing from refpolicy and
>>> should be added since the rest of openrc's selinux support has
>>> been in refpolicy for ages.
>>> 
>>> The run_init_type file is used by openrc's integrated run_init
>>> stuff. This type is different from initrc_context (which
>>> contains "system_u:system_r:initrc_t:s0"). When an admin runs
>>> an init script, it transitions to run_init_type which does
>>> authentication and only then is allowed to exec into
>>> initrc_context to actually run the script.
>>> 
>>> My question is basically: should this file be renamed? I can
>>> easily fix it in openrc upstream so that debian and any others
>>> get it too and keep the legacy in gentoo for a while.
>> 
>> What do you suggest it be renamed to?
> 
> I can't think of anything great. openrc_run_init_type seems a
> little long or maybe just openrc_run_init?

i would just use "openrc" then if you use the libselinux functionality
the file will end up with name "opentc_contexts", then inside there
you can for example define for example "run_init_type = TYPE"

> _______________________________________________ refpolicy mailing
> list refpolicy at oss.tresys.com 
> http://oss.tresys.com/mailman/listinfo/refpolicy
> 


- -- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCAAGBQJW3ZZsAAoJECV0jlU3+UdpiJoMAIQYmMb7GyYykbEGljFEdSYQ
6NtPjl+1Kf3m6C1j7ykNgw51RDyNlSonSKakQ9vuM9eDKH9yOBtyENFIEjPREXQQ
3hO4yc85Xv/QkvTDdgCgrsOWdghynWzb9JXERFjgemRmtKask5ejKr7W4+vZJVOp
HjsjJ1B6vwGAMjgG+1Rtqdj545bB/reLCLtd1D6esZ8erNoMYrXBUX3mbl0ElHkg
+fI4pAk9ArXWca4f3Qmqqbht7BCYmj7flsoDPbzU3eVRSv8Clbs9as5sw47x0n1G
QCSSzWEoxggPMZ3bvSaS2LpF4/sySmxS0+mF4hVc6CkU4JrP8RUrZTwW7d7C+00X
LiTtFGY21ZuE0+6WlCDjAeF6WczWsXUnB9Rl6haqUfKK4y99YKRS1/3GRj/VfvoM
WVHnA1UtsUUQWWjnSO8OgrI+9nWboc/CEbezNFANDM2qRGMMVe42N/I4j9SkW7SW
vmWNSXWOkVgJHQwvF8e4VAZyB59OL6kw4za01MATkw==
=4myX
-----END PGP SIGNATURE-----