From: pebenito@ieee.org (Chris PeBenito) Date: Tue, 3 Jan 2017 19:36:19 -0500 Subject: [refpolicy] [PATCH v5] init: support sysvinit In-Reply-To: <1483391492.6917.1.camel@trentalancia.net> References: <1425370720.18751.1482877006863.JavaMail.open-xchange@popper10.register.it> <20161227233846.6ed0ebf0@gentp.lnet> <1320659434.14525.1482879298312.JavaMail.open-xchange@popper05.register.it> <20161228000230.798bf64d@gentp.lnet> <1482957927.2738.12.camel@trentalancia.net> <1483213929.9440.0.camel@trentalancia.net> <1483315479.3723.1.camel@trentalancia.net> <1483391492.6917.1.camel@trentalancia.net> Message-ID: <2a7c76b9-466a-ba4f-1130-dc914844667c@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 01/02/17 16:11, Guido Trentalancia via refpolicy wrote: > Add a permission needed for the correct functioning of sysvinit > on systems using the initramfs. > > Without the selinux_get_fs_mount() interface call, the call to > libselinux:is_selinux_enabled() fails and sysvinit tries to do > the initial policy load again. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/system/init.te | 5 +++++ > 1 file changed, 5 insertions(+) > > diff -pru a/policy/modules/system/init.te b/policy/modules/system/init.te > --- a/policy/modules/system/init.te 2016-12-29 22:48:16.456818544 +0100 > +++ b/policy/modules/system/init.te 2017-01-02 21:08:19.963436591 +0100 > @@ -162,6 +162,7 @@ files_exec_etc_files(init_t) > files_dontaudit_rw_root_files(init_t) > files_dontaudit_rw_root_chr_files(init_t) > > +fs_getattr_xattr_fs(init_t) > fs_list_inotifyfs(init_t) > # cjp: this may be related to /dev/log > fs_write_ramfs_sockets(init_t) 
> @@ -174,6 +175,10 @@ mls_file_write_all_levels(init_t) > mls_process_write_all_levels(init_t) > mls_fd_use_all_levels(init_t) > > +# the following one is needed for libselinux:is_selinux_enabled() > +# otherwise the call fails and sysvinit tries to load the policy > +# again when using the initramfs > +selinux_get_fs_mount(init_t) > selinux_set_all_booleans(init_t) > > term_use_all_terms(init_t) Merged. -- Chris PeBenito
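Review bot: in the first hunk (@@ -162,6 +162,7 @@), the added fs_getattr_xattr_fs(init_t) has no explanation. The commit message speaks of "a permission" and names only selinux_get_fs_mount(), and unlike the second hunk there is no comment above the new line. Please either add a short comment saying what fails without it, or mention it in the commit message so the diffstat of 5 insertions is fully accounted for.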
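Review bot: in the second hunk (@@ -174,6 +175,10 @@), the comment describes a need specific to sysvinit with an initramfs, but selinux_get_fs_mount(init_t) is added unconditionally among the other init_t rules. If that is intended, the comment should say so. The wording "the following one" would also read better if it named the interface directly, for example "selinux_get_fs_mount() is needed for libselinux:is_selinux_enabled()", so the comment stays accurate if lines are later reordered.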