On Mon, Feb 20, 2012 at 10:05:22PM +0100, Tomáš Dobrovolný wrote:
> Maybe to allow it to all init scripts is too strong. It will be better
> to allow it only for specialized scripts ... only one /etc/init.d/sysctl ;-)

There's little choice here. Either the script runs as initrc_t, or we transition when we call sysctl (to sysctl_t or so). Individual initrc_t domains (like sysctl_initrc_t) we don't support (yet).

Wkr,
Sven Vermeulen