commit:     004c03ed39f178ef22d3e5f56d1e671e21d1f394
Author:     Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sun Sep  7 21:28:10 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Sep 13 09:24:30 2014 +0000
URL:        
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=004c03ed

Label systemd files in init module

---
 policy/modules/system/init.fc | 6 ++++++
 policy/modules/system/init.te | 8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index 3496579..3c50f9d 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -26,6 +26,7 @@ ifdef(`distro_gentoo', `
 /lib/rc/init\.d(/.*)?          gen_context(system_u:object_r:initrc_state_t,s0)
 /lib/rc/console(/.*)?          gen_context(system_u:object_r:initrc_state_t,s0)
 ')
+/lib/systemd/systemd   --      gen_context(system_u:object_r:init_exec_t,s0)
 
 #
 # /sbin
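Review bot: Only the `systemd` executable itself receives init_exec_t here and in the matching `/usr/lib/systemd/systemd` entry of the next hunk; the helper executables that live beside it in those directories are not matched by these anchored `--` patterns, so they keep whatever label the enclosing `/lib` and `/usr/lib` rules give them (presumably lib_t) and get no transition of their own when PID 1 executes them. If that is intentional, a comment such as `# only the PID 1 binary is init_exec_t; systemd helpers are labeled in their own modules` above the entry would record the decision; otherwise the entries for those helpers belong in this change.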
@@ -44,6 +45,8 @@ ifdef(`distro_gentoo', `
 #
 /usr/bin/sepg_ctl      --      gen_context(system_u:object_r:initrc_exec_t,s0)
 
+/usr/lib/systemd/systemd       --      
gen_context(system_u:object_r:init_exec_t,s0)
+
 /usr/libexec/dcc/start-.* --   gen_context(system_u:object_r:initrc_exec_t,s0)
 /usr/libexec/dcc/stop-.* --    gen_context(system_u:object_r:initrc_exec_t,s0)
 
@@ -53,11 +56,14 @@ ifdef(`distro_gentoo', `
 #
 # /var
 #
+/var/lib/systemd(/.*)?         gen_context(system_u:object_r:init_var_lib_t,s0)
+
 /var/run/initctl       -p      gen_context(system_u:object_r:initctl_t,s0)
 /var/run/utmp          --      
gen_context(system_u:object_r:initrc_var_run_t,s0)
 /var/run/runlevel\.dir         
gen_context(system_u:object_r:initrc_var_run_t,s0)
 /var/run/random-seed   --      
gen_context(system_u:object_r:initrc_var_run_t,s0)
 /var/run/setmixer_flag --      
gen_context(system_u:object_r:initrc_var_run_t,s0)
+/var/run/systemd(/.*)?         gen_context(system_u:object_r:init_var_run_t,s0)
 
 ifdef(`distro_debian',`
 /var/run/hotkey-setup  --      
gen_context(system_u:object_r:initrc_var_run_t,s0)
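Review bot: `/var/run/systemd(/.*)?` places the entire runtime tree under init_var_run_t, which also covers the sockets and files beneath that directory that other domains use to talk to systemd, so every such consumer now needs init_var_run_t access granted through an init interface instead of the generic pid-file permissions it had while the tree carried the default /var/run label. Worth confirming that the domains touching /run/systemd elsewhere in the policy get such an interface, and that /run is mapped onto /var/run by the file_contexts substitutions so the new label actually applies on a system with a tmpfs /run. The same consideration applies, less acutely, to `/var/lib/systemd(/.*)?`.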

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 88fe1de..94a5516 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -40,12 +40,18 @@ kernel_domtrans_to(init_t, init_exec_t)
 role system_r types init_t;
 
 #
-# init_var_run_t is the type for /var/run/shutdown.pid.
+# init_var_run_t is the type for /var/run/shutdown.pid and /var/run/systemd.
 #
 type init_var_run_t;
 files_pid_file(init_var_run_t)
 
 #
+# init_var_lib_t is the type for /var/lib/systemd.
+#
+type init_var_lib_t;
+files_type(init_var_lib_t)
+
+#
 # initctl_t is the type of the named pipe created
 # by init during initialization.  This pipe is used
 # to communicate with init.
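Review bot: The hunk declares init_var_lib_t and widens the init_var_run_t comment, but no rule in it lets init_t create or manage either type and no file type transition is visible, so objects systemd creates at runtime under /var/lib/systemd or /var/run/systemd would inherit the parent directory's type and the labels added in init.fc would only hold after a restorecon. If those rules are not added further down in init.te, outside this hunk, something like `manage_dirs_pattern(init_t, init_var_lib_t, init_var_lib_t)`, `manage_files_pattern(init_t, init_var_lib_t, init_var_lib_t)` and `files_var_lib_filetrans(init_t, init_var_lib_t, dir)` (with the pid-file counterparts for init_var_run_t) is needed to make the new types effective. The declarations start and end inside the hunk; init_t's allow rules are outside it.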
