init: smoother system boot

Improve the initrc domain within the init module with some permissions
needed for a smoother boot.

Let the iptables init scripts read the iptables configuration.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>

1 files changed, 6 insertions, 0 deletions

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 07238399..a01b5093 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -487,6 +487,7 @@ kernel_clear_ring_buffer(initrc_t)
 kernel_get_sysvipc_info(initrc_t)
 kernel_read_all_sysctls(initrc_t)
 kernel_rw_all_sysctls(initrc_t)
+kernel_use_fds(initrc_t)
 # for lsof which is used by alsa shutdown:
 kernel_dontaudit_getattr_message_if(initrc_t)
 # cjp: not sure why these are here; should use mount policy
@@ -494,6 +495,7 @@ kernel_list_unlabeled(initrc_t)
 kernel_mounton_unlabeled_dirs(initrc_t)
 
 files_create_lock_dirs(initrc_t)
+files_manage_all_locks(initrc_t)
 files_pid_filetrans_lock_dir(initrc_t, "lock")
 files_read_kernel_symbol_table(initrc_t)
 files_setattr_lock_dirs(initrc_t)
@@ -1116,6 +1118,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	iptables_read_config(initrc_t)
+')
+
+optional_policy(`
 	iscsi_stream_connect(initrc_t)
 	iscsi_read_lib_files(initrc_t)
 ')