[selinux-policy: 1912/3172] trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:50:15 UTC 2010 

commit 47333d8246dcaff67d6ef9c142af58a484ce6e35
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Mar 10 19:29:47 2008 +0000

    trunk: Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too.

 Changelog                     |    2 ++
 policy/modules/system/init.te |   17 +++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)
---
diff --git a/Changelog b/Changelog
index 1f288f1..3691938 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Revise upstart support in init module to use a tunable, as upstart is now
+  used in Fedora too.
 - Add iferror.m4 rather generate it out of the Makefiles.
 - Definitions for open permisson on file and similar objects from Eric
   Paris.
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 7e4936c..43b463e 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
 
-policy_module(init,1.9.1)
+policy_module(init,1.9.2)
 
 gen_require(`
 	class passwd rootok;
@@ -10,6 +10,13 @@ gen_require(`
 # Declarations
 #
 
+## <desc>
+## <p>
+## Enable support for upstart as the init program.
+## </p>
+## </desc>
+gen_tunable(init_upstart,false)
+
 # used for direct running of init scripts
 # by admin domains
 attribute direct_run_init;
@@ -49,6 +56,10 @@ type initrc_exec_t;
 domain_type(initrc_t)
 domain_entry_file(initrc_t,initrc_exec_t)
 role system_r types initrc_t;
+# should be part of the true block
+# of the below init_upstart tunable
+# but this has a typeattribute in it
+corecmd_shell_entry_type(initrc_t)
 
 type initrc_devpts_t;
 term_pty(initrc_devpts_t)
@@ -163,7 +174,9 @@ ifdef(`distro_redhat',`
 	fs_tmpfs_filetrans(init_t,initctl_t,fifo_file)
 ')
 
-ifndef(`distro_ubuntu',`
+tunable_policy(`init_upstart',`
+	corecmd_shell_domtrans(init_t,initrc_t)
+',`
 	# Run the shell in the sysadm role for single-user mode.
 	# causes problems with upstart
 	userdom_shell_domtrans_sysadm(init_t)

More information about the scm-commits mailing list