On Thu, Feb 20, 2014 at 12:28:43AM -0800, Devin Carraway wrote:
> I'll test out restoring the labelling and see if there's more to this.

Slightly more -- udev_t also lost the ability to transition to initrc_t, which it will do in the old wheezy refpolicy. Labelling /etc/network/if-*d/* with initrc_exec_t and adding

    init_domtrans_script(udev_t)

to the local policy is enough to fix the problem, both for sshd and rndc.

That was originally done in 0090-udev-policy-adjustments-allow-udev_t-to-manage-etc_r.patch but from cursory checking appears never to have been done upstream.

Devin

--
Devin    \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 4096R/9197B5F9: 9C64 37CD 1B7B 029D 0933 49EA 1E52 7672 9197 B5F9