2008-09-24 19:42:17

by Daniel Walsh

Subject: [refpolicy] system_init.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F10/system_init.patch

label all /etc/rc\.d/rc\.[^/]+ as initrc_exec_t

system-config-services uses dbus to start and stop services via
+/usr/share/system-config-services/system-config-services-mechanism\.py
--
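Review bot: the quoted file_contexts entry for `/usr/share/system-config-services/system-config-services-mechanism\.py` stops after the `--` file-type field, so the hunk as shown never states the context it assigns; since the message labels the rc scripts initrc_exec_t in one place and calls this one an "initrc_script_t script" in another, the entry should be quoted in full with its gen_context(...) so the intended type is unambiguous.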

So this needs to be labeled an initrc_script_t script


init_spec_domtrans_script and init_domtrans_script need to use all init
scripts not just the ones labeled initrc_exec_t.

dbus can be used to start any binary, so added init_bin_domtrans_spec to
transition bin_t to initrc_t, via dbus.

init_script_role_transition is used by unconfined_t to transition
initscripts to system_r when the user executes an initrc_t script.

upstart has dbus capabilities.

init needs to list inotify

init communicates with initrc_t via stream sockets

init calls setsched

initrc_t under mls can call runuser which attempts to send an audit message

initrc_t needs to be able to talk to /dev/initctrl

initscripts create links in /var/run


initrc talks to lvm_control

initrc_t can chat with consolekit

Lots of dontaudit commands to quiet init scripts using passwd file
descriptors
