From: dsugar@tresys.com (David Sugar)
Date: Thu, 7 Sep 2017 14:50:37 +0000
Subject: [refpolicy] [PATCH 1/1] Label RHEL specific systemd binaries
Message-ID: <1B50C12ACFF4CB42B90D2581155DF50205B4E9D7@Exchange10.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Label RHEL specific systemd binaries /usr/lib/systemd/rhel* as initrc_exec_t.

Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
 policy/modules/system/init.fc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index f7c2e367..0c10ca94 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -34,6 +34,10 @@ ifdef(`distro_gentoo',`
 /usr/lib/systemd/ntp-units\.d -d gen_context(system_u:object_r:systemd_unit_t,s0)
 /usr/lib/systemd/system(/.*)?	gen_context(system_u:object_r:systemd_unit_t,s0)
 
+ifdef(`distro_redhat',`
+/usr/lib/systemd/rhel[^/]* 	--	gen_context(system_u:object_r:initrc_exec_t,s0)
+')
+
 ifdef(`distro_gentoo', `
 /usr/lib/rc/init\.d(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)
 ')
-- 
2.13.5