[DSE-Dev] Bug#739590: Bug#739590: selinux-policy-default: ssh & bind9 broken by removal of hotplug script initrc labelling

Devin Carraway devin at debian.org
Thu Feb 20 09:17:22 UTC 2014


On Thu, Feb 20, 2014 at 12:28:43AM -0800, Devin Carraway wrote:
> I'll test out restoring the labelling and see if there's more to this.

Slightly more -- udev_t also lost the ability to transition to initrc_t, which
it will do in the old wheezy refpolicy.  Labelling /etc/network/if-*d/* with
initrc_exec_t and adding

	init_domtrans_script(udev_t)

to the local policy is enough to fix the problem, both for sshd and rndc.
That was originally done in
0090-udev-policy-adjustments-allow-udev_t-to-manage-etc_r.patch but from
cursory checking appears never to have been done upstream.


Devin
-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 4096R/9197B5F9: 9C64 37CD 1B7B 029D 0933  49EA 1E52 7672 9197 B5F9
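
The fix described in this message, packaged as a local policy module. This is an added example, not part of the original mail or of the Debian patch it mentions; the module name local_udev_initrc, the file-context regex and the Makefile path are assumptions.

```shell
#!/bin/sh
# Added example: local policy module restoring the udev_t -> initrc_t
# transition for ifupdown hook scripts. Assumed (not from the thread):
# module name, file-context regex, selinux-policy-dev Makefile path.

MODULE=local_udev_initrc

# Write the .te and .fc sources into directory $1.
write_policy_files() {
    dir=$1
    cat > "$dir/$MODULE.te" <<'EOF'
policy_module(local_udev_initrc, 1.0)

gen_require(`
	type udev_t;
')

# Let udev_t run initrc_exec_t-labelled scripts in initrc_t again.
init_domtrans_script(udev_t)
EOF
    cat > "$dir/$MODULE.fc" <<'EOF'
# ifupdown hook scripts: /etc/network/if-up.d, if-down.d, if-pre-up.d, ...
/etc/network/if-.*\.d/.*	--	gen_context(system_u:object_r:initrc_exec_t,s0)
EOF
}

# Build, load and relabel; needs root on an SELinux-enabled host.
install_policy() {
    dir=$1
    write_policy_files "$dir" &&
    make -C "$dir" -f /usr/share/selinux/devel/Makefile "$MODULE.pp" &&
    semodule -i "$dir/$MODULE.pp" &&
    restorecon -Rv /etc/network
}

# Nothing is built or loaded unless the script is run as: sh script.sh install
if [ "${1:-}" = install ]; then
    install_policy "$(mktemp -d)"
fi
```

After installing, `ls -Z /etc/network/if-up.d/` should show initrc_exec_t on the hook scripts.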