From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 28 Dec 2016 00:26:26 +0100 (CET)
Subject: [refpolicy] [PATCH] shutdown: minor update
In-Reply-To: <20161227234012.3401a42b@gentp.lnet>
References: <2014691995.18775.1482877286620.JavaMail.open-xchange@popper10.register.it> <20161227234012.3401a42b@gentp.lnet>
Message-ID: <1401336505.14562.1482881186452.JavaMail.open-xchange@popper05.register.it>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello.

When the system is shutting down, killall5 from sysvinit is called (of course, on those systems using sysvinit) to kill all processes.

Killall5 then mounts and reads the /proc filesystem to get the list of processes.

I hope this helps.

Regards,

Guido

> On the 27th December 2016 at 23.40 Luis Ressel wrote:
>
>
> On Tue, 27 Dec 2016 23:21:26 +0100 (CET)
> Guido Trentalancia via refpolicy wrote:
>
> > --- a/policy/modules/contrib/shutdown.te 2016-08-06
> > 21:27:11.424095136 +0200 +++
> > b/policy/modules/contrib/shutdown.te 2016-12-19
> > @@ -35,6 +36,7 @@ files_etc_filetrans(shutdown_t, shutdown
> > manage_files_pattern(shutdown_t, shutdown_var_run_t,
> > shutdown_var_run_t) files_pid_filetrans(shutdown_t,
> > shutdown_var_run_t, file)
> > +kernel_mounton_proc_dirs(shutdown_t)
> > kernel_read_system_state(shutdown_t)
>
> What's that for?
>
> Regards,
> Luis Ressel
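
Review bot: the added kernel_mounton_proc_dirs(shutdown_t) line in the -35,6 +36,7 hunk of shutdown.te has no comment explaining why shutdown_t needs to mount on proc directories, and the reason only appears later in the thread (killall5 from sysvinit mounts and reads /proc during shutdown). Suggest a one-line comment above the call naming killall5 as the consumer. Since the stated need applies only to systems using sysvinit and the visible context lines show the call sitting alongside unconditional rules, it is also worth considering whether the permission should be limited to sysvinit systems rather than granted to shutdown_t everywhere.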