From: jason@perfinion.com (Jason Zaman) Date: Mon, 30 Apr 2018 11:55:24 +0800 Subject: [refpolicy] [PATCH v2] init: Add filetrans for /run/initctl In-Reply-To: <5ac3ebc3-5c7f-f847-0093-b80be6dfbc55@ieee.org> References: <20180330220754.4881-1-aranea@aixah.de> <20180427063259.44005-1-jason@perfinion.com> <5ac3ebc3-5c7f-f847-0093-b80be6dfbc55@ieee.org> Message-ID: <20180430035524.GA26593@baraddur.perfinion.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sat, Apr 28, 2018 at 06:05:59PM -0400, Chris PeBenito wrote: > On 04/27/2018 02:32 AM, Jason Zaman via refpolicy wrote: > > > diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te > > index 8fabb0ea..aa5506ca 100644 > > --- a/policy/modules/system/init.te > > +++ b/policy/modules/system/init.te > > @@ -145,6 +145,7 @@ allow init_t init_var_run_t:file manage_lnk_file_perms; > > > > allow init_t initctl_t:fifo_file manage_fifo_file_perms; > > dev_filetrans(init_t, initctl_t, fifo_file) > > +files_pid_filetrans(init_t, initctl_t, fifo_file, "initctl") > > Is the name really needed? I don't see any type_transition conflicts. > Indeed, there is a filetrans for file but nothing for fifo_file. I'll re-send the patch -- Jason