From: jason@perfinion.com (Jason Zaman)
Date: Fri, 27 Apr 2018 14:32:59 +0800
Subject: [refpolicy] [PATCH v2] init: Add filetrans for /run/initctl
In-Reply-To: <20180330220754.4881-1-aranea@aixah.de>
References: <20180330220754.4881-1-aranea@aixah.de>
Message-ID: <20180427063259.44005-1-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
sysvinit 2.89 moved /dev/initctl to /run/initctl. There is already a filecontext so this only adds the filetrans and updates interfaces.
Reported-by: revel
---
 policy/modules/system/init.if | 5 +++++
 policy/modules/system/init.te | 1 +
 2 files changed, 6 insertions(+)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 326581ec..bd5fe207 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1314,6 +1314,8 @@ interface(`init_getattr_initctl',`
 type initctl_t;
 ')
+ dev_list_all_dev_nodes($1)
+ files_search_pids($1)
 allow $1 initctl_t:fifo_file getattr;
 ')
 ')
@@ -1353,6 +1355,7 @@ interface(`init_write_initctl',`
 ')
 dev_list_all_dev_nodes($1)
+ files_search_pids($1)
 allow $1 initctl_t:fifo_file write;
 ')
@@ -1385,6 +1388,7 @@ interface(`init_telinit',`
 corecmd_exec_bin($1)
 dev_list_all_dev_nodes($1)
+ files_search_pids($1)
 init_exec($1)
 ')
@@ -1405,6 +1409,7 @@ interface(`init_rw_initctl',`
 ')
 dev_list_all_dev_nodes($1)
+ files_search_pids($1)
 allow $1 initctl_t:fifo_file rw_fifo_file_perms;
 ')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 8fabb0ea..aa5506ca 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -145,6 +145,7 @@ allow init_t init_var_run_t:file manage_lnk_file_perms;
 allow init_t initctl_t:fifo_file manage_fifo_file_perms;
 dev_filetrans(init_t, initctl_t, fifo_file)
+files_pid_filetrans(init_t, initctl_t, fifo_file, "initctl")
 # Modify utmp.
 allow init_t initrc_var_run_t:file { rw_file_perms setattr };
-- 2.16.1
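Review bot: In the first init.if hunk, `init_getattr_initctl` gains `dev_list_all_dev_nodes($1)` as well as `files_search_pids($1)`, while the write, telinit and rw interfaces already had the /dev rule and only gain the pid-directory search. The description says only that the interfaces are updated, so nothing explains why a getattr-only interface now also hands its callers access to the device directories. I would note that in the commit message and put a comment above the two calls, for example `# initctl is /dev/initctl before sysvinit 2.89 and /run/initctl from 2.89 on`. The hunk ends with two closing `')` lines, so the allow rule seems to sit inside a block that opens outside the hunk, and I cannot tell from here whether the new calls are conditional.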
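Review bot: In the init.te hunk, the context line `dev_filetrans(init_t, initctl_t, fifo_file)` directly above the addition is an unnamed transition, so any fifo that init_t creates in /dev is labelled initctl_t, whereas the new /run rule is properly restricted by the `"initctl"` name. Since initctl_t is what the write and rw interfaces open up to other domains, the /dev rule should be just as narrow, assuming `dev_filetrans` in this tree accepts the optional name argument: `dev_filetrans(init_t, initctl_t, fifo_file, "initctl")`. A one-line comment above the pair, such as `# control fifo: /dev/initctl (sysvinit < 2.89) or /run/initctl (>= 2.89)`, would explain why both transitions exist.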