From: dac.override@gmail.com (Dominick Grift)
Date: Tue, 3 Apr 2018 12:07:13 +0200
Subject: [refpolicy] [PATCH] system/init: Add a filetrans for /run/initctl
In-Reply-To: <20180330220754.4881-1-aranea@aixah.de>
References: <20180330220754.4881-1-aranea@aixah.de>
Message-ID: <20180403100713.GB2114@julius.enp8s0.d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, Mar 31, 2018 at 12:07:54AM +0200, Luis Ressel via refpolicy wrote:
> sysvinit 2.89 moved /dev/initctl to /run/initctl.

Might this be missing a file context specification?

Also, should existing interfaces providing access to initctl be extended to allow traversal of /run?

>
> Reported-by: revel
> --- > policy/modules/system/init.te | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te > index 4fd9745b..64c61377 100644 > --- a/policy/modules/system/init.te > +++ b/policy/modules/system/init.te > @@ -145,6 +145,7 @@ allow init_t init_var_run_t:file manage_lnk_file_perms; > > allow init_t initctl_t:fifo_file manage_fifo_file_perms; > dev_filetrans(init_t, initctl_t, fifo_file) > +files_pid_filetrans(init_t, initctl_t, fifo_file, "initctl") > > # Modify utmp. > allow init_t initrc_var_run_t:file { rw_file_perms setattr }; > -- > 2.16.3

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
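
Review bot: The added files_pid_filetrans(init_t, initctl_t, fifo_file, "initctl") line only applies initctl_t when init_t itself creates the FIFO, and the diffstat shows init.te as the only file touched, so nothing in this patch gives /run/initctl a file context and a relabel would not set initctl_t on it. Add a file context entry for /run/initctl (named pipe, initctl_t) in the same change. Since the FIFO no longer sits under /dev, it is also worth checking whether the interfaces that hand other domains access to initctl_t fifo_files need to grant search on the pid directory, otherwise callers can hold the fifo_file permission and still be denied on the path lookup.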