| 1 |
On Sun, Aug 21, 2011 at 01:39:15PM +0200, Rados??aw Smogura wrote: |
| 2 |
> I'm not SeLinux guroo, but at eye glance it looks like init (runint) script |
| 3 |
> 1. reads contexts/run_init_type (but I think this is done to password |
| 4 |
> authentication) |
| 5 |
> 2. then it reads and changes to contexts/initrc_context domain. |
| 6 |
> |
| 7 |
> This is made in policycoreutils-extras/runscript_selinux.c. There are some |
| 8 |
> comments about initrc_devpts_t. |
| 9 |
> |
| 10 |
> Maybe changin 2. will be solution, instead of read contexts/initrc_context |
| 11 |
> take context from target script? |
| 12 |
|
| 13 |
The solution to support <domain>_initrc_exec_t must be a policy-based one |
| 14 |
afaik. I don't think it'll be too difficult to find (the places within |
| 15 |
refpolicy that are offering interfaces just for Gentoo's integrated run_init |
| 16 |
are documented), it'll just take some time to get it in proper shape. |
| 17 |
|
| 18 |
Question is, will this then support the reason for this (i.e. role-based |
| 19 |
support for calling only selected init scripts)? |
| 20 |
|
| 21 |
Wkr, |
| 22 |
Sven Vermeulen |
Archives