[refpolicy] context file for openrc - Christopher J. PeBenito

All of lore.kernel.org
 help / color / mirror / Atom feed

From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] context file for openrc
Date: Mon, 7 Mar 2016 09:45:24 -0500	[thread overview]
Message-ID: <56DD9404.8020006@tresys.com> (raw)
In-Reply-To: <20160307091536.GA4884@meriadoc.perfinion.com>

On 3/7/2016 4:15 AM, Jason Zaman wrote:
> Hi all,
> 
> I recently realized that gentoo's selinux-base package creates the
> context file /etc/selinux/*/contexts/run_init_type which contains
> "run_init_t". This file is missing from refpolicy and should be added
> since the rest of openrc's selinux support has been in refpolicy for
> ages.
> 
> The run_init_type file is used by openrc's integrated run_init stuff.
> This type is different from initrc_context (which contains
> "system_u:system_r:initrc_t:s0"). When an admin runs an init script, it
> transitions to run_init_type which does authentication and only then is
> allowed to exec into initrc_context to actually run the script.
> 
> My question is basically: should this file be renamed? I can easily fix
> it in openrc upstream so that debian and any others get it too and keep the
> legacy in gentoo for a while.

What do you suggest it be renamed to?

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

next prev parent reply	other threads:[~2016-03-07 14:45 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-07  9:15 [refpolicy] context file for openrc Jason Zaman
2016-03-07 14:45 ` Christopher J. PeBenito [this message]
2016-03-07 14:49   ` Jason Zaman
2016-03-07 14:55     ` Dominick Grift
2016-03-07 15:37       ` Jason Zaman
2016-03-07 16:00         ` Dominick Grift

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56DD9404.8020006@tresys.com \
    --to=cpebenito@tresys.com \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.