Gentoo's Bugzilla – Attachment 581420 Details for
Bug 688946
openrc-init selinux support patch
[patch]
V2 openrc-init selinux support patch
0001-Add-support-for-openrc-init.patch (text/plain), 4.36 KB, created by
Alexander Miroshnichenko
on 2019-06-29 17:15:04 UTC
Description:
V2 openrc-init selinux support patch
Filename:
MIME Type:
Creator:
Alexander Miroshnichenko
Created:
2019-06-29 17:15:04 UTC
Size:
4.36 KB
patch
obsolete
>From dd903b1f3b28ae353aa0ba57babea0b2999a1140 Mon Sep 17 00:00:00 2001
>From: Alexander Miroshnichenko <alex@millerson.name>
>Date: Sat, 29 Jun 2019 20:05:57 +0300
>Subject: [PATCH] Add support for openrc-init
>Content-Type: text/plain; charset="utf-8"
>Content-Transfer-Encoding: 8bit
>
>Signed-off-by: Alexander Miroshnichenko <alex@millerson.name>
>---
> policy/modules/admin/shutdown.fc | 2 ++
> policy/modules/system/init.fc | 2 ++
> policy/modules/system/init.if | 16 ++++++++--------
> policy/modules/system/init.te | 2 ++
> 4 files changed, 14 insertions(+), 8 deletions(-)
>
>diff --git a/policy/modules/admin/shutdown.fc b/policy/modules/admin/shutdown.fc
>index 03a2230c6766..9d2e1b8acff2 100644
>--- a/policy/modules/admin/shutdown.fc
>+++ b/policy/modules/admin/shutdown.fc
>@@ -4,6 +4,8 @@
>
> /usr/lib/upstart/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0)
>
>+/usr/sbin/openrc-shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0)
>+
> /usr/sbin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0)
>
> /run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0)
>diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
>index 0775a6ba777c..d9faded9eb8f 100644
>--- a/policy/modules/system/init.fc
>+++ b/policy/modules/system/init.fc
>@@ -41,6 +41,7 @@ ifdef(`distro_gentoo',`
>
> /usr/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
> /usr/sbin/open_init_pty -- gen_context(system_u:object_r:initrc_exec_t,s0)
>+/usr/sbin/openrc-init -- gen_context(system_u:object_r:init_exec_t,s0)
> /usr/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0)
>
> ifdef(`distro_gentoo', `
>@@ -60,6 +61,7 @@ ifdef(`distro_redhat',`
> /run/initctl -p gen_context(system_u:object_r:initctl_t,s0)
> /run/kerneloops\.pid -- gen_context(system_u:object_r:initrc_var_run_t,s0)
> /run/utmp -- gen_context(system_u:object_r:initrc_var_run_t,s0)
>+/run/openrc/init\.ctl -p gen_context(system_u:object_r:initctl_t,s0)
> /run/runlevel\.dir gen_context(system_u:object_r:initrc_var_run_t,s0)
> /run/random-seed -- gen_context(system_u:object_r:initrc_var_run_t,s0)
> /run/setmixer_flag -- gen_context(system_u:object_r:initrc_var_run_t,s0)
>diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
>index 89ac691c5f04..d61892e7355f 100644
>--- a/policy/modules/system/init.if
>+++ b/policy/modules/system/init.if
>@@ -1324,12 +1324,13 @@ interface(`init_pid_filetrans',`
> #
> interface(`init_getattr_initctl',`
> gen_require(`
>- type initctl_t;
>+ type initctl_t, initrc_state_t;
> ')
>
> files_search_pids($1)
> dev_list_all_dev_nodes($1)
> allow $1 initctl_t:fifo_file getattr;
>+ allow $1 initrc_state_t:dir search_dir_perms;
> ')
>
> ########################################
>@@ -1363,12 +1364,13 @@ interface(`init_dontaudit_getattr_initctl',`
> #
> interface(`init_write_initctl',`
> gen_require(`
>- type initctl_t;
>+ type initctl_t, initrc_state_t;
> ')
>
> dev_list_all_dev_nodes($1)
> files_search_pids($1)
> allow $1 initctl_t:fifo_file write;
>+ allow $1 initrc_state_t:dir search_dir_perms;
> ')
>
> ########################################
>@@ -1395,14 +1397,11 @@ interface(`init_telinit',`
> #576913
> allow $1 init_t:unix_stream_socket connectto;
>
>- allow $1 initctl_t:fifo_file rw_fifo_file_perms;
>-
> corecmd_exec_bin($1)
>
>- dev_list_all_dev_nodes($1)
>- files_search_pids($1)
>-
> init_exec($1)
>+
>+ init_rw_initctl($1)
> ')
>
> ########################################
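Review bot: The added `allow $1 initrc_state_t:dir search_dir_perms;` in `init_getattr_initctl` widens every existing caller of that interface, not only the domains that talk to openrc-init, and the same line is added to `init_write_initctl` in the next hunk and to `init_rw_initctl` in the hunk after `init_telinit`. The interface summary comments sit outside these hunks and are not updated; I would extend each summary and put a one-line reason above the new rule, e.g. `# openrc-init keeps its control pipe under /run/openrc (initrc_state_t)`. `init_dontaudit_getattr_initctl` appears only in a hunk header and gets no matching `dontaudit` for the directory search, so its callers may still log denials on the new path; that is worth confirming. The interface bodies are only partly visible here, so this is based on the lines shown.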
>@@ -1417,12 +1416,13 @@ interface(`init_telinit',`
> #
> interface(`init_rw_initctl',`
> gen_require(`
>- type initctl_t;
>+ type initctl_t, initrc_state_t;
> ')
>
> dev_list_all_dev_nodes($1)
> files_search_pids($1)
> allow $1 initctl_t:fifo_file rw_fifo_file_perms;
>+ allow $1 initrc_state_t:dir search_dir_perms;
> ')
>
> ########################################
>diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
>index 9f3cfba1bf6d..6319a010cfa8 100644
>--- a/policy/modules/system/init.te
>+++ b/policy/modules/system/init.te
>@@ -146,6 +146,8 @@ allow init_t init_var_run_t:file manage_lnk_file_perms;
> allow init_t initctl_t:fifo_file manage_fifo_file_perms;
> dev_filetrans(init_t, initctl_t, fifo_file)
> files_pid_filetrans(init_t, initctl_t, fifo_file)
>+# Allow openrc-init to create /run/openrc/init.ctl pipe.
>+filetrans_add_pattern(init_t, initrc_state_t, initctl_t, fifo_file, "init.ctl" )
>
> # Modify utmp.
> allow init_t initrc_var_run_t:file { rw_file_perms setattr };
>--
>2.21.0
>
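Review bot: The named transition on the added `filetrans_add_pattern(init_t, initrc_state_t, initctl_t, fifo_file, "init.ctl" )` line only applies if `/run/openrc` already carries `initrc_state_t` when openrc-init creates the pipe, and nothing visible in this patch lets `init_t` create that directory with that type. If openrc-init creates `/run/openrc` itself on a fresh `/run`, the directory would presumably inherit the parent's type, and the `initrc_state_t:dir search_dir_perms` rules added in init.if would then not match the real path. This is worth checking on a booted system; if it holds, a directory transition for `init_t` is needed, and the comment could state the assumption, e.g. `# /run/openrc must already be labelled initrc_state_t for this transition to apply`. Style: drop the stray space in `"init.ctl" )`.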
Attachments on
bug 688946
:
581402
| 581420