From: dsugar@tresys.com (David Sugar)
Date: Fri, 8 Sep 2017 17:50:24 +0000
Subject: [refpolicy] [PATCH-v2 1/1] Label RHEL specific systemd binaries
Message-ID: <1B50C12ACFF4CB42B90D2581155DF50205B4F59A@Exchange10.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Label RHEL specific systemd binaries /usr/lib/systemd/rhel* as initrc_exec_t.
Now in the proper location.

Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
 policy/modules/system/init.fc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index f7c2e367..36e8b8fe 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -38,6 +38,10 @@ ifdef(`distro_gentoo', `
 /usr/lib/rc/init\.d(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)
 ')
 
+ifdef(`distro_redhat',`
+/usr/lib/systemd/rhel[^/]* 	--	gen_context(system_u:object_r:initrc_exec_t,s0)
+')
+
 /usr/libexec/dcc/start-.* --	gen_context(system_u:object_r:initrc_exec_t,s0)
 /usr/libexec/dcc/stop-.* --	gen_context(system_u:object_r:initrc_exec_t,s0)
 
-- 
2.13.5