diff --git a/Changelog b/Changelog index 1f288f1..3691938 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,5 @@ +- Revise upstart support in init module to use a tunable, as upstart is now + used in Fedora too. - Add iferror.m4 rather generate it out of the Makefiles. - Definitions for open permisson on file and similar objects from Eric Paris. diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 7e4936c..43b463e 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -1,5 +1,5 @@ -policy_module(init,1.9.1) +policy_module(init,1.9.2) gen_require(` class passwd rootok; @@ -10,6 +10,13 @@ gen_require(` # Declarations # +## +##

+## Enable support for upstart as the init program. +##

+##
+gen_tunable(init_upstart,false) + # used for direct running of init scripts # by admin domains attribute direct_run_init; @@ -49,6 +56,10 @@ type initrc_exec_t; domain_type(initrc_t) domain_entry_file(initrc_t,initrc_exec_t) role system_r types initrc_t; +# should be part of the true block +# of the below init_upstart tunable +# but this has a typeattribute in it +corecmd_shell_entry_type(initrc_t) type initrc_devpts_t; term_pty(initrc_devpts_t) @@ -163,7 +174,9 @@ ifdef(`distro_redhat',` fs_tmpfs_filetrans(init_t,initctl_t,fifo_file) ') -ifndef(`distro_ubuntu',` +tunable_policy(`init_upstart',` + corecmd_shell_domtrans(init_t,initrc_t) +',` # Run the shell in the sysadm role for single-user mode. # causes problems with upstart userdom_shell_domtrans_sysadm(init_t)
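Review bot: The description on `gen_tunable(init_upstart,false)` says only that it enables upstart support, so an administrator flipping the boolean cannot tell what it changes in the policy. Going by the last hunk of this patch, true makes a shell executed by `init_t` transition to `initrc_t`, and false keeps the sysadm shell transition used for single-user mode. I would add a sentence to the description such as `When enabled, shells run by init transition to the init script domain instead of the sysadm single-user shell.`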
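Review bot: `corecmd_shell_entry_type(initrc_t)` sits outside the tunable, so the shell becomes a valid entry point for `initrc_t` on every system, including those that leave `init_upstart` off. The added comment explains why it cannot go in the conditional, but not what follows from that. Presumably any domain that already holds transition permission to `initrc_t` and can execute the shell gains a way in that the boolean does not gate; this should be confirmed against the users of the init script transition interfaces. I would extend the comment with `# NOTE: this entrypoint is unconditional; only the init_t shell transition is gated by init_upstart`.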
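Review bot: Replacing the ifndef on distro_ubuntu with `tunable_policy` changes what distro_ubuntu builds get by default. With `init_upstart` declared false, they now receive `userdom_shell_domtrans_sysadm(init_t)`, which the retained comment says causes problems with upstart, where the old code gave them neither rule. If that is intended, the comment in the false branch should say so, for example `# causes problems with upstart; systems using upstart must set init_upstart`, and the Changelog entry should mention that Ubuntu needs the boolean set. The `tunable_policy` block is closed outside this hunk, so the rest of the false branch is not visible here.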