commit: fe62598f2fb87fe0dfca34f82311ffd29df37795
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Nov 22 18:46:23 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Nov 22 18:46:23 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=fe62598f
Reshuffle and update with upstream
---
policy/modules/system/init.if | 82 ++++++++++++++++++++++++-------------------
1 file changed, 46 insertions(+), 36 deletions(-)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 2b7793a..99e42fc 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -150,39 +150,6 @@ interface(`init_ranged_domain',`
########################################
## <summary>
-## Mark the file type as a daemon pid file, allowing initrc_t
-## to create it
-## </summary>
-## <param name="filetype">
-## <summary>
-## Type to mark as a daemon pid file
-## </summary>
-## </param>
-## <param name="class">
-## <summary>
-## Class on which the type is applied
-## </summary>
-## </param>
-## <param name="filename">
-## <summary>
-## Filename of the file that the init script creates
-## </summary>
-## </param>
-#
-interface(`init_daemon_pid_file',`
- gen_require(`
- attribute daemonpidfile;
- type initrc_t;
- ')
-
- typeattribute $1 daemonpidfile;
-
- files_pid_file($1)
- files_pid_filetrans(initrc_t, $1, $2, $3)
-')
-
-########################################
-## <summary>
## Create a domain for long running processes
## (daemons/services) which are started by init scripts.
## </summary>
@@ -421,16 +388,50 @@ interface(`init_ranged_system_domain',`
########################################
## <summary>
-## Mark the type as a daemon run dir
+## Mark the file type as a daemon pid file, allowing initrc_t
+## to create it
## </summary>
-## <param name="rundirtype">
+## <param name="filetype">
+## <summary>
+## Type to mark as a daemon pid file
+## </summary>
+## </param>
+## <param name="class">
+## <summary>
+## Class on which the type is applied
+## </summary>
+## </param>
+## <param name="filename">
+## <summary>
+## Filename of the file that the init script creates
+## </summary>
+## </param>
+#
+interface(`init_daemon_pid_file',`
+ gen_require(`
+ attribute daemonpidfile;
+ type initrc_t;
+ ')
+
+ typeattribute $1 daemonpidfile;
+
+ files_pid_file($1)
+ files_pid_filetrans(initrc_t, $1, $2, $3)
+')
+
+########################################
+## <summary>
+## Mark the file type as a daemon run dir, allowing initrc_t
+## to create it
+## </summary>
+## <param name="filetype">
## <summary>
## Type to mark as a daemon run dir
## </summary>
## </param>
## <param name="filename">
## <summary>
-## Name of the run dir directory
+## Filename of the directory that the init script creates
## </summary>
## </param>
#
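Review bot: The `filename` parameter of `init_daemon_pid_file` is documented without saying whether it may be omitted, yet the body passes it straight through in `files_pid_filetrans(initrc_t, $1, $2, $3)`. If files_pid_filetrans treats an empty name as an unnamed transition (which I believe the refpolicy filetrans patterns do, but confirm), a caller that leaves it out would get its type on every object of that class that initrc_t creates in the pid directory. I would say so in the parameter summary, e.g. `## Filename of the file that the init script creates; always pass it so the transition stays limited to that one name`, and make the `class` summary concrete with `## Object class of the pid file (for example file or sock_file)`. The init_daemon_run_dir interface whose header closes this hunk has its body outside the hunk.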
@@ -843,6 +844,14 @@ interface(`init_spec_domtrans_script',`
files_list_etc($1)
spec_domtrans_pattern($1, initrc_exec_t, initrc_t)
+ ifdef(`distro_gentoo',`
+ gen_require(`
+ type rc_exec_t;
+ ')
+
+ domtrans_pattern($1, rc_exec_t, initrc_t)
+ ')
+
ifdef(`enable_mcs',`
range_transition $1 initrc_exec_t:process s0;
')
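Review bot: The Gentoo block added to init_spec_domtrans_script calls `domtrans_pattern($1, rc_exec_t, initrc_t)`, while the context line just above it uses `spec_domtrans_pattern` for initrc_exec_t. domtrans_pattern also emits an automatic type_transition, so on Gentoo a caller of this specified-transition interface would enter initrc_t on every execution of rc_exec_t, not only when it explicitly requests that context; that is a broader grant than the interface name suggests. If that is not intended, use `spec_domtrans_pattern($1, rc_exec_t, initrc_t)` here. The `range_transition` under `enable_mcs` likewise names only initrc_exec_t, so a matching `range_transition $1 rc_exec_t:process s0;` looks needed for the new entry point. The interface body starts and ends outside the hunk.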
@@ -882,6 +891,7 @@ interface(`init_domtrans_script',`
gen_require(`
type rc_exec_t;
')
+
domtrans_pattern($1, rc_exec_t, initrc_t)
')
')