Skip to content
This repository has been archived by the owner on Jul 2, 2018. It is now read-only.

Implement systemd policy. #8

Merged
merged 9 commits into from
Oct 23, 2015
Merged

Implement systemd policy. #8

merged 9 commits into from
Oct 23, 2015

Conversation

pebenito
Copy link
Contributor

Use the SYSTEMD build.conf variable to switch from the traditional
sysvinit-style init system to systemd.

  • Major contributions from Mike Palmiotto of the Tresys CLIP team.
  • Contributions from Laurent Bigonville.

@pebenito
Copy link
Contributor Author

Please ignore the above Travis CI build error. It errors because the refpolicy-contrib refers to the upstream repo, so the submodule commit here is not available yet.

perfinion
perfinion reviewed Oct 19, 2015
View reviewed changes
policy/modules/contrib
@@ -1 +1 @@
Subproject commit 559464c749ca91dc6988fd87e7e1f31c90653f27
Subproject commit 929ee738761ecc09e49e501d92107143458d66f8
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The submodule should be merged in separately i think

@bigon
Copy link
Contributor

bigon commented Oct 20, 2015

Could you also add a subsitution for debian (and other distro not using unified-/usr?)

Debian/Ubuntu install most of the systemd stuffs in /lib not /usr/lib so an equivalence like should be added

/lib/systemd /usr/lib/systemd

@bigon
Copy link
Contributor

bigon commented Oct 20, 2015

I guess the "SYSTEMD" setting should also be written to the build.conf in the install-headers target too

Edit: and the -D part should be added to the Makefile.devel

@bigon
Copy link
Contributor

bigon commented Oct 20, 2015

/var/run/systemd/inhibit is not labeled properly here, it's labled as init_var_run_t instead of systemd_logind_var_run_t just after boot

@pebenito
Add systemd build option.
bf0cfe9
@pebenito
Add systemd access vectors.
d326c38
@pebenito
Implement core systemd policy.
3639880 
Significant contributions from the Tresys CLIP team.

Other changes from Laurent Bigonville.
@pebenito
Add supporting rules for domains tightly-coupled with systemd.
5798499
@pebenito
Add rules for sysadm_r to manage the services.
fc2de5c
@pebenito
Add systemd units for core refpolicy services.
f728618 
Only for services that already have a named init script.

Add rules to init_startstop_service(), with conditional arg until
all of refpolicy-contrib callers are updated.
@pebenito
Add sysfs_types attribute.
bdfc7e3 
Collect all types used to label sysfs entries.
@pebenito
Add refpolicy core socket-activated services.
4388def
@pebenito
Change policy_config_t to a security file type.
60d8b69 
This fixes an assertion error with systemd_tmpfiles_t. It should
have been a security file for a while.
@pebenito pebenito merged commit 60d8b69 into TresysTechnology:master Oct 23, 2015
pebenito added a commit that referenced this pull request Oct 23, 2015
@pebenito
Merge branch 'pebenito-master'
8409f39 
Closes #8
fishilico pushed a commit to fishilico/old-selinux-refpolicy-patched that referenced this pull request May 10, 2016
Merge pull request TresysTechnology#8 from bigon/geoclue
bc7bc7d 
2 fixes for geoclue module
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@pebenito @bigon @perfinion @mgrepl