Label RHEL specific systemd binaries /usr/lib/systemd/rhel* as initrc_exec_t.
Now in the proper location.
Signed-off-by: Dave Sugar <[email protected]>
---
policy/modules/system/init.fc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index f7c2e367..36e8b8fe 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -38,6 +38,10 @@ ifdef(`distro_gentoo', `
/usr/lib/rc/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
')
+ifdef(`distro_redhat',`
+/usr/lib/systemd/rhel[^/]* -- gen_context(system_u:object_r:initrc_exec_t,s0)
+')
+
/usr/libexec/dcc/start-.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
/usr/libexec/dcc/stop-.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
--
2.13.5
On 09/08/2017 01:50 PM, David Sugar via refpolicy wrote:
> Label RHEL specific systemd binaries /usr/lib/systemd/rhel* as initrc_exec_t.
> Now in the proper location.
>
> Signed-off-by: Dave Sugar <[email protected]>
> ---
> policy/modules/system/init.fc | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
> index f7c2e367..36e8b8fe 100644
> --- a/policy/modules/system/init.fc
> +++ b/policy/modules/system/init.fc
> @@ -38,6 +38,10 @@ ifdef(`distro_gentoo', `
> /usr/lib/rc/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
> ')
>
> +ifdef(`distro_redhat',`
> +/usr/lib/systemd/rhel[^/]* -- gen_context(system_u:object_r:initrc_exec_t,s0)
> +')
> +
> /usr/libexec/dcc/start-.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
> /usr/libexec/dcc/stop-.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
Merged.
--
Chris PeBenito