From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 0889C198005 for ; Sat, 23 Feb 2013 17:14:04 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7D959E05F2; Sat, 23 Feb 2013 17:14:03 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E76D1E05F1 for ; Sat, 23 Feb 2013 17:14:02 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id BE62D33DCA8 for ; Sat, 23 Feb 2013 17:14:01 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 1C9A5E4075 for ; Sat, 23 Feb 2013 17:14:00 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1361639003.fdf8829dd4d7fb9dd3410bce5f57d6ffd2232aa5.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/init.te X-VCS-Directories: policy/modules/system/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: fdf8829dd4d7fb9dd3410bce5f57d6ffd2232aa5 X-VCS-Branch: master Date: Sat, 23 Feb 2013 17:14:00 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 962a5a66-d45e-46d7-b146-482ec9ff0f53 X-Archives-Hash: 52a9dfb342c5b6af5804285e87e71e69 commit: fdf8829dd4d7fb9dd3410bce5f57d6ffd2232aa5 Author: Sven Vermeulen siphos be> AuthorDate: Sat Feb 23 17:03:23 2013 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Sat Feb 23 17:03:23 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=fdf8829d Allow init script to toggle enforce mode Our documentation mentions that an init script can be used to toggle enforce mode if immediately booting in enforcing doesn't work (due to initramfs requirements or so). But that means that initrc_t needs to be able to. --- policy/modules/system/init.te | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index f91f807..1b48f45 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -926,6 +926,8 @@ ifdef(`distro_gentoo',` logging_delete_devlog_socket(initrc_t) + selinux_set_enforce_mode(initrc_t) + optional_policy(` alsa_write_lib(initrc_t) ')