Package: selinux-policy-default Version: 2:2.20110726-3 Severity: normal Upstart runs as init_t. When running SysV init scripts, Upstart transitions to initrc_t when the init script is run, then transitions again to an appropriate domain when the daemon executable is run.
However, when managing jobs directly with Upstart (for example, sshd in Ubuntu), this doesn't work properly. Upstart does not transition to initrc_t before running the daemon executable, so the normal daemon transition does not occur. The simple fix is to edit the Upstart job and have it run the daemon using 'runcon'. However, this is not really a scalable solution. The best way I can think to fix this is to extend the policy to allow init_t to transition directly to daemon contexts. Basically, in policy/modules/system/init.if, domtrans_pattern(init_t, $2, $1) should be added next to any call to domtrans_pattern(initrc_t, $2, $1). I can submit a patch for this if it would help. Of course, I'm open to other fixes if someone knows of a better solution. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
