commit: 46171c7e1b366ee26f62fcbceab9ea3c9f532628 Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Tue Nov 17 03:46:27 2020 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Nov 28 22:56:12 2020 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=46171c7e
init: upstream fcontexts from gentoo policy Signed-off-by: Jason Zaman <jason <AT> perfinion.com> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/system/init.fc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index 74fb8211..c8451701 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -44,8 +44,11 @@ ifdef(`distro_gentoo',` /usr/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0) ifdef(`distro_gentoo', ` +/usr/lib/rc/cache(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) +/usr/lib/rc/console(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) /usr/lib/rc/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) -/usr/sbin/rc -- gen_context(system_u:object_r:rc_exec_t,s0) +/usr/sbin/rc -- gen_context(system_u:object_r:rc_exec_t,s0) +/usr/sbin/openrc -- gen_context(system_u:object_r:rc_exec_t,s0) /usr/sbin/openrc-init -- gen_context(system_u:object_r:init_exec_t,s0) /usr/sbin/openrc-shutdown -- gen_context(system_u:object_r:init_exec_t,s0) ') @@ -79,6 +82,9 @@ ifdef(`distro_debian',` ifdef(`distro_gentoo', ` /var/lib/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) +/var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:initrc_tmp_t,s0) + +/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) /run/svscan\.pid -- gen_context(system_u:object_r:initrc_runtime_t,s0) ')
