From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 2 Aug 2016 19:26:23 -0400
Subject: [refpolicy] are we going to have unit file types?
In-Reply-To: <201608022216.06786.russell@coker.com.au>
References: <20160731124041.fxzedsuloxfbgnz2@athena.coker.com.au> <20160731143556.GC8181@meriadoc> <201608022216.06786.russell@coker.com.au>
Message-ID: <2ca303f1-3a52-a41f-4684-2de641f9db55@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/02/16 08:16, Russell Coker wrote:
> On Mon, 1 Aug 2016 12:35:56 AM Jason Zaman wrote:
>> On Sun, Jul 31, 2016 at 10:40:41PM +1000, Russell Coker wrote:
>>> Below is a patch that's been in my Debian tree for some time, I didn't
>>> write it I took it from rawhide some years ago.
>>>
>>> Is this the way we are going to do things? If so I can tidy it up and
>>> submit it. If not I'll delete it and make the Debian policy work without
>>> it.
>>>
>>> Note that I am not suggesting this patch for inclusion at the
>>> moment. I'm just offering it for discussion.
>>
>> We have unit files in refpol yeah, they are different from the stuff in
>> redhat though I think.
>>
>> A whole bunch like this for example:
>> mandb.te:type mandb_unit_t;
>> mandb.te:init_unit_file(mandb_unit_t)
>> mandb.fc:/usr/lib/systemd/system/[^/]*man-db.* -- gen_context(system_u:object_r:mandb_unit_t,s0)
>
> Thanks for the pointer.
>
> Is the plan that every daemon domain will get a _unit_t type? I've revised

There weren't any specific plans to ensure all daemons have a unit, but
I'm open to that.

> the patch in my tree to use the same naming convention as is now used upstream
> and removed duplicate policy.
>
> The attached patch is what I'm working with now, it has init_unit_file()
> entries for many policy modules that lack it in the 2.20151208 refpolicy
> release. I haven't yet tried applying this to the latest Git policy and aside
> from that it's not ready for upstream inclusion. This is just to share what
> I'm working on and to take comments about where I should go with this.

Seems to be the right direction, to me.

-- 
Chris PeBenito