[tomoyo-dev-en 366] [PATCH] init_policy: do not let 'systemctl daemon-reexec' confuse tomoyo


Shawn Landden shawn****@churc*****
Wed Nov 20 06:14:07 JST 2013


---
 usr_lib_tomoyo/init_policy.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/usr_lib_tomoyo/init_policy.c b/usr_lib_tomoyo/init_policy.c
index c0ec4b0..92fd921 100644
--- a/usr_lib_tomoyo/init_policy.c
+++ b/usr_lib_tomoyo/init_policy.c
@@ -306,6 +306,18 @@ static void scan_init_scripts(void)
 }
 
 /**
+ * make_systemd_exceptions - Exceptions specific to systemd
+ *
+ * Returns nothing.
+ */
+static void make_systemd_exceptions(void)
+{
+	/* when systemd restarts with a new version, it bypasses the symlink */
+	fprintf(filp, "aggregator /lib/systemd/systemd /sbin/init\n"
+	              "aggregator /usr/lib/systemd/systemd /sbin/init\n");
+}
+
+/**
  * make_init_scripts_as_aggregators - Use realpath for startup/shutdown scripts in /etc/ directory.
  *
  * Returns nothing.
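Review bot: make_systemd_exceptions() writes both aggregator lines unconditionally, and nothing in this hunk confirms that /sbin/init actually resolves to either systemd binary. If the else branch added in make_exception_policy() can run on a host where systemd is installed but is not the init program (its guarding condition is outside the diff), executions of the systemd binary would be handled under the /sbin/init name in policy and pick up whatever is granted to that name. Resolving /sbin/init once and emitting only the matching line keeps the alias as narrow as the re-exec case needs; the sketch below assumes realpath(), strcmp() and free() are already declared in this file. The in-code comment could also state that daemon-reexec executes the real binary path rather than the /sbin/init symlink, which is why the alias is needed.

```c
static void make_systemd_exceptions(void)
{
	static const char * const systemd_paths[] = {
		"/lib/systemd/systemd",
		"/usr/lib/systemd/systemd",
	};
	char *init = realpath("/sbin/init", NULL);
	size_t i;

	if (!init)
		return;
	/*
	 * daemon-reexec executes the real binary, not the /sbin/init symlink.
	 * Alias only the binary that /sbin/init really points to.
	 */
	for (i = 0; i < sizeof(systemd_paths) / sizeof(systemd_paths[0]); i++)
		if (!strcmp(init, systemd_paths[i]))
			fprintf(filp, "aggregator %s /sbin/init\n",
				systemd_paths[i]);
	free(init);
}
```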
@@ -831,7 +843,8 @@ static void make_exception_policy(void)
 		make_init_dir_as_initializers();
 		make_initializers();
 		make_init_scripts_as_aggregators();
-	}
+	} else
+		make_systemd_exceptions();
 	/* Some applications do execve("/proc/self/exe"). */
 	fprintf(filp, "aggregator proc:/self/exe /proc/self/exe\n");
 	close_file(filp, chdir_policy(), "exception_policy.tmp",
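Review bot: The new `else` hangs an unbraced statement off a braced `if` block, and the comment and fprintf() that follow at the same indent make it easy to misread which lines are conditional. Kernel-style code, which this file appears to follow, braces both branches when either one needs braces: `} else {`, `make_systemd_exceptions();`, `}`. The `if` this branch belongs to starts above the hunk, so it is not visible here whether its condition really means that systemd is the init program; a one-line comment on the else saying so would make the intent checkable.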
-- 
1.8.4.3



