diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index bfc3a60..4ea8f37 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -359,4 +359,20 @@ dontaudit initrc_t mail_spool_t:lnk_file read;
 
 # for lsof which is used by alsa shutdown
 dontaudit initrc_t domain:{ udp_socket tcp_socket fifo_file unix_dgram_socket } getattr;
+
+optional_policy(`rpm.te',`
+# Access /var/lib/rpm.
+allow initrc_t rpm_var_lib_t:dir rw_dir_perms;
+allow initrc_t rpm_var_lib_t:file create_file_perms;
+
+# for a bug in rm
+dontaudit initrc_t pidfile:file write;
+
+# bash tries to access a block device in the initrd
+dontaudit initrc_t unlabeled_t:blk_file getattr;
+
+# bash tries ioctl for some reason
+dontaudit initrc_t pidfile:file ioctl;
+') dnl end rpm.te
+
 ') dnl end TODO
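Review bot: The two added `allow` rules grant `initrc_t` `rw_dir_perms` on `rpm_var_lib_t` directories and `create_file_perms` on its files, so anything running in the init-script domain can create and modify RPM database files, yet the only justification is `# Access /var/lib/rpm.`. The comment should name the script that needs the access and say why read access is not enough, for example `# <script name> rebuilds the RPM db at boot; needs write access to /var/lib/rpm`; if the caller only queries the database, the grant should be narrowed to read permissions. The three `dontaudit` rules in the same rpm.te optional block (`pidfile:file write`, `unlabeled_t:blk_file getattr`, `pidfile:file ioctl`) say nothing about rpm in their comments, so it is unclear why they should only apply when that module is present. `pidfile` looks like an attribute covering every pid file type, so these rules hide denial records broadly; either move them out of the block or record the specific denial each one was added for, in place of `for some reason`.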