[selinux-policy/f14/master: 3219/3230] shutdown: needs to connect to init with a unix stream socket.
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Oct 12 20:17:18 UTC 2010
commit 5718c0a59a1636eef032877e801b76d51d51d043
Author: Dominick Grift <domg472 at gmail.com>
Date: Mon Oct 4 20:23:41 2010 +0200
shutdown: needs to connect to init with a unix stream socket.
Signed-off-by: Dominick Grift <domg472 at gmail.com>
policy/modules/admin/shutdown.te | 1 +
policy/modules/system/init.if | 18 ++++++++++++++++++
2 files changed, 19 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/admin/shutdown.te b/policy/modules/admin/shutdown.te
index 7824539..cf81d13 100644
--- a/policy/modules/admin/shutdown.te
+++ b/policy/modules/admin/shutdown.te
@@ -45,6 +45,7 @@ auth_write_login_records(shutdown_t)
init_dontaudit_write_utmp(shutdown_t)
init_read_utmp(shutdown_t)
+init_stream_connect(shutdown_t)
init_telinit(shutdown_t)
logging_send_audit_msgs(shutdown_t)
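Review bot: The added init_stream_connect(shutdown_t) line lets shutdown_t connect to init's stream sockets, but the commit message only says it "needs to connect" and records no AVC denial showing which operation was blocked. Suggest quoting the denial in the commit message so the grant can be audited against the behaviour that required it.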
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index f6aafe7..8419a01 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -508,6 +508,24 @@ interface(`init_sigchld',`
########################################
## <summary>
+## Connect to init with a unix socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_stream_connect',`
+ gen_require(`
+ type init_t;
+ ')
+
+ allow $1 init_t:unix_stream_socket connectto;
+')
+
+########################################
+## <summary>
## Inherit and use file descriptors from init.
## </summary>
## <desc>
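Review bot: The summary "Connect to init with a unix socket." in the new init_stream_connect block is broader than the rule it documents, which is limited to "allow $1 init_t:unix_stream_socket connectto;". Suggest "Connect to init with a unix domain stream socket." to match the interface name and the permission granted. The interface also grants only connectto and no write access to a socket file, so it is sufficient by itself only when init's socket needs no separate file permissions; a short <desc> saying so would tell callers what else they may need.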