From: aranea@aixah.de (Luis Ressel)
Date: Tue, 27 Dec 2016 23:38:46 +0100
Subject: [refpolicy] [PATCH] init: run sysvinit without the dangerous
 unconfined_domain() call
In-Reply-To: <1425370720.18751.1482877006863.JavaMail.open-xchange@popper10.register.it>
References: <1425370720.18751.1482877006863.JavaMail.open-xchange@popper10.register.it>
Message-ID: <20161227233846.6ed0ebf0@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 27 Dec 2016 23:16:46 +0100 (CET)
Guido Trentalancia via refpolicy <refpolicy@oss.tresys.com> wrote:

> The aim of this patch is to start securing the init module so
> that it can run in confined mode instead of in the most unsafe
> unconfined mode.
> 
> At the moment it has been fully tested only with sysvinit.
> 
> Testing with other init daemons is needed before this is
> released, so a "permissive" statement has been added in
> order to log further needed permissions during this testing
> phase (with systemd, upstart, and so on).
> 
> [...]
>
> +permissive init_t;

Please don't add that. Debugging statements such as this one should
only be added to local policies, not to refpol's master branch. This
statement would be a huge step backwards for everyone who isn't using
the 'unconfined' module.

Regards,
Luis