From: guido@trentalancia.net (Guido Trentalancia) Date: Sat, 31 Dec 2016 16:58:53 +0100 Subject: [refpolicy] [PATCH v3] plymouth: use the correct running domain for the client In-Reply-To: <45a4945b-2d61-a2ba-71a3-6fa13d07cc31@ieee.org> References: <1483132084.2893.3.camel@trentalancia.net> <1483132999.3820.0.camel@trentalancia.net> <45a4945b-2d61-a2ba-71a3-6fa13d07cc31@ieee.org> Message-ID: <1483199933.3041.0.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The plymouth client needs a domain for short running processes which are started by init scripts instead of an application domain. Also add the ability to inherit init file descriptors (for the console) and use it. Compared to the previous version (v2), this one simply moves the terminal interfaces to the right location. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/plymouthd.te | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff -pru a/policy/modules/contrib/plymouthd.te b/policy/modules/contrib/plymouthd.te --- a/policy/modules/contrib/plymouthd.te 2016-12-22 23:12:59.391081860 +0100 +++ b/policy/modules/contrib/plymouthd.te 2016-12-31 16:54:47.796736709 +0100 @@ -7,8 +7,7 @@ policy_module(plymouthd, 1.3.1) type plymouth_t; type plymouth_exec_t; -application_domain(plymouth_t, plymouth_exec_t) -role system_r types plymouth_t; +init_system_domain(plymouth_t, plymouth_exec_t) type plymouthd_t; type plymouthd_exec_t; @@ -115,8 +114,11 @@ domain_use_interactive_fds(plymouth_t) files_read_etc_files(plymouth_t) +term_use_console(plymouth_t) term_use_ptmx(plymouth_t) +init_use_fds(plymouth_t) + miscfiles_read_localization(plymouth_t) sysnet_read_config(plymouth_t)
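Review bot: In the first hunk (plymouthd.te, @@ -7,8 +7,7 @@), the explicit "role system_r types plymouth_t;" line is dropped together with application_domain(), and nothing visible in the patch states that init_system_domain(plymouth_t, plymouth_exec_t) still provides both the role association and the entry point declaration. Please confirm this in the commit message. Please also say whether any caller other than init scripts still needs to enter plymouth_t, since the message only covers the init script case. The policy_module(plymouthd, 1.3.1) line in the context is unchanged, so note whether the version bump is left to the maintainer at merge time.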
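Review bot: In the second hunk (@@ -115,8 +114,11 @@), the commit message says the client is started by init scripts, but the added interface is init_use_fds(plymouth_t), which names init rather than the init script domain. Please state which domain actually owns the inherited console descriptor and quote the AVC denial that motivated the rule, so the grant can be checked against least privilege. The same applies to term_use_console(plymouth_t): the message describes where the interface was moved relative to v2 but not the access it allows or why the client needs it in addition to term_use_ptmx(plymouth_t). A one-line comment above init_use_fds(plymouth_t) saying it is for the console descriptor would document the intent in the policy itself.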