* Re: [RFC 2/2] refpolicy: add systemd support to tresys main policy.
From: Guido Trentalancia @ 2011-09-19 0:41 UTC
To: Justin P. Mattock; +Cc: refpolicy, selinux, dwalsh

Hi Justin.

Here is the boolean you were looking for (quoted from your patch):

On Sun, 2011-09-18 at 10:29 -0700, Justin P. Mattock wrote:

> diff --git a/policy/modules/system/init.te
> b/policy/modules/system/init.te
> index 5125d1d..6fcc939 100644
> --- a/policy/modules/system/init.te
> +++ b/policy/modules/system/init.te
> @@ -16,6 +16,13 @@ gen_require(`
> ## </desc>
> gen_tunable(init_upstart, false)
>
> +## <desc>
> +## <p>
> +## Enable support for systemd as the init program.
> +## </p>
> +## </desc>
> +gen_tunable(init_systemd, false)

But please note it's disabled (false) by default. So you do need to make
sure it is enabled after having installed and loaded the policy, do not
forget:

    setsebool -P init_systemd=on

After such boolean has been enabled, then all policy blocks that begin
with:

    + tunable_policy(`init_systemd',`

will eventually get included in the policy. Those are supposedly all
essential permissions needed to successfully run a system using systemd.

If you managed to create a patch which applies and compiles cleanly,
perhaps most of the job is done and you might only need to fine tune it.

Regards,

Guido
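Review bot: the added gen_tunable(init_systemd, false) sits directly after gen_tunable(init_upstart, false), and the new <desc> block does not say how the two tunables relate or that the rules guarded by init_systemd stay inactive until the boolean is turned on. Suggest extending the description to state that the tunable is off by default, that it has to be enabled on systems booting with systemd, and whether it may be combined with init_upstart.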