init: support sysvinit

Add a permission needed for the correct functioning of sysvinit
on systems using the initramfs.

Without the selinux_get_fs_mount() interface call, the call to
libselinux:is_selinux_enabled() fails and sysvinit tries to do
the initial policy load again.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>

1 files changed, 5 insertions, 0 deletions

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index bd97a7c8..ce6f2f9a 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -162,6 +162,7 @@ files_exec_etc_files(init_t)
 files_dontaudit_rw_root_files(init_t)
 files_dontaudit_rw_root_chr_files(init_t)
 
+fs_getattr_xattr_fs(init_t)
 fs_list_inotifyfs(init_t)
 # cjp: this may be related to /dev/log
 fs_write_ramfs_sockets(init_t)
@@ -174,6 +175,10 @@ mls_file_write_all_levels(init_t)
 mls_process_write_all_levels(init_t)
 mls_fd_use_all_levels(init_t)
 
+# the following one is needed for libselinux:is_selinux_enabled()
+# otherwise the call fails and sysvinit tries to load the policy
+# again when using the initramfs
+selinux_get_fs_mount(init_t)
 selinux_set_all_booleans(init_t)
 
 term_use_all_terms(init_t)