On 11/16/20 10:46 PM, Jason Zaman wrote:
From: Jason Zaman <perfinion@xxxxxxxxxx>
Commit "init: replace call to init_domtrans_script"
(be231899f5c7f0882843942624dd268f99bab141 in upstream repo)
removed the call to init_domtrans_script which removed the openrc
domtrans. This adds it back directly in the distro_gentoo block.
Signed-off-by: Jason Zaman <perfinion@xxxxxxxxxx>
Signed-off-by: Jason Zaman <jason@xxxxxxxxxxxxx>
---
policy/modules/system/init.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index b2a9069b3..b284fc26b 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -120,6 +120,7 @@ init_unit_file(systemd_unit_t)
ifdef(`distro_gentoo',`
type rc_exec_t;
domain_entry_file(initrc_t, rc_exec_t)
+ domtrans_pattern(init_t, rc_exec_t, initrc_t)
')
ifdef(`enable_mls',`
Merged.
--
Chris PeBenito
