From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-731608-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 495AC13838B
	for <garchives@archives.gentoo.org>; Sat, 13 Sep 2014 09:38:39 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 33EF5E084B;
	Sat, 13 Sep 2014 09:38:38 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 39A7AE084B
	for <gentoo-commits@lists.gentoo.org>; Sat, 13 Sep 2014 09:38:37 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 5627C34024D
	for <gentoo-commits@lists.gentoo.org>; Sat, 13 Sep 2014 09:38:36 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 134A95591
	for <gentoo-commits@lists.gentoo.org>; Sat, 13 Sep 2014 09:38:35 +0000 (UTC)
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org>
Message-ID: <1410600270.004c03ed39f178ef22d3e5f56d1e671e21d1f394.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/init.fc policy/modules/system/init.te
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 004c03ed39f178ef22d3e5f56d1e671e21d1f394
X-VCS-Branch: master
Date: Sat, 13 Sep 2014 09:38:35 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: d1a2ce54-3793-45c5-b96f-314abf0878a7
X-Archives-Hash: 197a084c287c6217ed0f538e6d68d383

commit:     004c03ed39f178ef22d3e5f56d1e671e21d1f394
Author:     Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sun Sep  7 21:28:10 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Sep 13 09:24:30 2014 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=004c03ed

Label systemd files in init module

---
 policy/modules/system/init.fc | 6 ++++++
 policy/modules/system/init.te | 8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index 3496579..3c50f9d 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -26,6 +26,7 @@ ifdef(`distro_gentoo', `
 /lib/rc/init\.d(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)
 /lib/rc/console(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)
 ')
+/lib/systemd/systemd	--	gen_context(system_u:object_r:init_exec_t,s0)
 
 #
 # /sbin
@@ -44,6 +45,8 @@ ifdef(`distro_gentoo', `
 #
 /usr/bin/sepg_ctl	--	gen_context(system_u:object_r:initrc_exec_t,s0)
 
+/usr/lib/systemd/systemd	--	gen_context(system_u:object_r:init_exec_t,s0)
+
 /usr/libexec/dcc/start-.* --	gen_context(system_u:object_r:initrc_exec_t,s0)
 /usr/libexec/dcc/stop-.* --	gen_context(system_u:object_r:initrc_exec_t,s0)
 
@@ -53,11 +56,14 @@ ifdef(`distro_gentoo', `
 #
 # /var
 #
+/var/lib/systemd(/.*)?		gen_context(system_u:object_r:init_var_lib_t,s0)
+
 /var/run/initctl	-p	gen_context(system_u:object_r:initctl_t,s0)
 /var/run/utmp		--	gen_context(system_u:object_r:initrc_var_run_t,s0)
 /var/run/runlevel\.dir		gen_context(system_u:object_r:initrc_var_run_t,s0)
 /var/run/random-seed	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
 /var/run/setmixer_flag	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
+/var/run/systemd(/.*)?		gen_context(system_u:object_r:init_var_run_t,s0)
 
 ifdef(`distro_debian',`
 /var/run/hotkey-setup	--	gen_context(system_u:object_r:initrc_var_run_t,s0)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 88fe1de..94a5516 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -40,12 +40,18 @@ kernel_domtrans_to(init_t, init_exec_t)
 role system_r types init_t;
 
 #
-# init_var_run_t is the type for /var/run/shutdown.pid.
+# init_var_run_t is the type for /var/run/shutdown.pid and /var/run/systemd.
 #
 type init_var_run_t;
 files_pid_file(init_var_run_t)
 
 #
+# init_var_lib_t is the type for /var/lib/systemd.
+#
+type init_var_lib_t;
+files_type(init_var_lib_t)
+
+#
 # initctl_t is the type of the named pipe created
 # by init during initialization.  This pipe is used
 # to communicate with init.