2012-09-12 14:36:05

by Laurent Bigonville

Subject: [refpolicy] [PATCH 1/2] Allow smartd daemon to write in /var/lib/smartmontools directory

From: Laurent Bigonville <[email protected]>

Allow smartd daemon to save disks state and attributes log in the
/var/lib/smartmontools directory
---
smartmon.fc | 2 +-
smartmon.if | 5 ++++-
smartmon.te | 5 +++++
3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/smartmon.fc b/smartmon.fc
index 268ae3d..dbbc061 100644
--- a/smartmon.fc
+++ b/smartmon.fc
@@ -9,4 +9,4 @@
# /var
#
/var/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
-
+/var/lib/smartmontools(/.*)? gen_context(system_u:object_r:fsdaemon_var_lib_t,s0)
diff --git a/smartmon.if b/smartmon.if
index adea9f9..fc919bc 100644
--- a/smartmon.if
+++ b/smartmon.if
@@ -37,7 +37,7 @@ interface(`smartmon_read_tmp_files',`
#
interface(`smartmon_admin',`
gen_require(`
- type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t;
+ type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t, fsdaemon_var_lib_t;
type fsdaemon_initrc_exec_t;
')

@@ -54,4 +54,7 @@ interface(`smartmon_admin',`

files_list_pids($1)
admin_pattern($1, fsdaemon_var_run_t)
+
+ files_list_var_lib($1)
+ admin_pattern($1, fsdaemon_var_lib_t)
')
diff --git a/smartmon.te b/smartmon.te
index 6b3322b..d271119 100644
--- a/smartmon.te
+++ b/smartmon.te
@@ -23,6 +23,9 @@ init_script_file(fsdaemon_initrc_exec_t)
type fsdaemon_var_run_t;
files_pid_file(fsdaemon_var_run_t)

+type fsdaemon_var_lib_t;
+files_type(fsdaemon_var_lib_t)
+
type fsdaemon_tmp_t;
files_tmp_file(fsdaemon_tmp_t)

@@ -51,6 +54,8 @@ files_tmp_filetrans(fsdaemon_t, fsdaemon_tmp_t, { file dir })
manage_files_pattern(fsdaemon_t, fsdaemon_var_run_t, fsdaemon_var_run_t)
files_pid_filetrans(fsdaemon_t, fsdaemon_var_run_t, file)

+manage_files_pattern(fsdaemon_t, fsdaemon_var_lib_t, fsdaemon_var_lib_t)
+
kernel_read_kernel_sysctls(fsdaemon_t)
kernel_read_software_raid_state(fsdaemon_t)
kernel_read_system_state(fsdaemon_t)
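Review bot: The added `manage_files_pattern(fsdaemon_t, fsdaemon_var_lib_t, fsdaemon_var_lib_t)` lets smartd manage files in the new directory, but nothing visible in this hunk lets fsdaemon_t search the parent /var/lib to reach it. The rest of the fsdaemon_t rules sit outside the hunk, so this may already be covered; if it is not, add `files_search_var_lib(fsdaemon_t)` next to the other files_* calls. The rule also covers files only, which is the tighter choice, but the `(/.*)?` file context labels subdirectories too, so it is worth confirming that smartd never creates directories there. Otherwise the denials will only show up at runtime.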
--
1.7.10.4


2012-09-12 14:36:06

by Laurent Bigonville

Subject: [refpolicy] [PATCH 2/2] Add Debian location for smartd daemon initscript

From: Laurent Bigonville <[email protected]>

smartd initscript is located at /etc/init.d/smartmontools
---
smartmon.fc | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/smartmon.fc b/smartmon.fc
index dbbc061..570b9f8 100644
--- a/smartmon.fc
+++ b/smartmon.fc
@@ -1,5 +1,9 @@
/etc/rc\.d/init\.d/smartd -- gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0)

+ifdef(`distro_debian',`
+/etc/rc\.d/init\.d/smartmontools -- gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0)
+')
+
#
# /usr
#
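Review bot: The description gives the Debian script location as /etc/init.d/smartmontools, but the entry added under `ifdef(`distro_debian',` matches `/etc/rc\.d/init\.d/smartmontools`. Unless the policy's file-context path substitutions map /etc/init.d onto /etc/rc.d/init.d (not visible here), this line never matches on Debian and the script keeps its generic init-script label. In that case the fsdaemon_initrc_exec_t rules in smartmon_admin would not apply to it. Please confirm with `matchpathcon /etc/init.d/smartmontools` on a Debian system. If the substitution is what makes it work, say so in a comment above the entry, for example `# Debian: reached via the /etc/init.d path equivalence`.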
--
1.7.10.4

2012-09-13 12:19:05

by dominick.grift

Subject: [refpolicy] [PATCH 2/2] Add Debian location for smartd daemon initscript



On Wed, 2012-09-12 at 16:36 +0200, Laurent Bigonville wrote:
> From: Laurent Bigonville <[email protected]>
>
> smartd initscipt in located at /etc/init.d/smartmontools
> ---
> smartmon.fc | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/smartmon.fc b/smartmon.fc
> index dbbc061..570b9f8 100644
> --- a/smartmon.fc
> +++ b/smartmon.fc
> @@ -1,5 +1,9 @@
> /etc/rc\.d/init\.d/smartd -- gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0)
>
> +ifdef(`distro_debian',`
> +/etc/rc\.d/init\.d/smartmontools -- gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0)
> +')
> +
> #
> # /usr
> #

This was merged. Thanks

2012-09-13 12:19:29

by dominick.grift

Subject: [refpolicy] [PATCH 1/2] Allow smartd daemon to write in /var/lib/smartmontools directory



On Wed, 2012-09-12 at 16:36 +0200, Laurent Bigonville wrote:
> From: Laurent Bigonville <[email protected]>
>
> Allow smartd daemon to save disks state and attributes log in the
> /var/lib/smartmontools directory
> ---
> smartmon.fc | 2 +-
> smartmon.if | 5 ++++-
> smartmon.te | 5 +++++
> 3 files changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/smartmon.fc b/smartmon.fc
> index 268ae3d..dbbc061 100644
> --- a/smartmon.fc
> +++ b/smartmon.fc
> @@ -9,4 +9,4 @@
> # /var
> #
> /var/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
> -
> +/var/lib/smartmontools(/.*)? gen_context(system_u:object_r:fsdaemon_var_lib_t,s0)
> diff --git a/smartmon.if b/smartmon.if
> index adea9f9..fc919bc 100644
> --- a/smartmon.if
> +++ b/smartmon.if
> @@ -37,7 +37,7 @@ interface(`smartmon_read_tmp_files',`
> #
> interface(`smartmon_admin',`
> gen_require(`
> - type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t;
> + type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t, fsdaemon_var_lib_t;
> type fsdaemon_initrc_exec_t;
> ')
>
> @@ -54,4 +54,7 @@ interface(`smartmon_admin',`
>
> files_list_pids($1)
> admin_pattern($1, fsdaemon_var_run_t)
> +
> + files_list_var_lib($1)
> + admin_pattern($1, fsdaemon_var_lib_t)
> ')
> diff --git a/smartmon.te b/smartmon.te
> index 6b3322b..d271119 100644
> --- a/smartmon.te
> +++ b/smartmon.te
> @@ -23,6 +23,9 @@ init_script_file(fsdaemon_initrc_exec_t)
> type fsdaemon_var_run_t;
> files_pid_file(fsdaemon_var_run_t)
>
> +type fsdaemon_var_lib_t;
> +files_type(fsdaemon_var_lib_t)
> +
> type fsdaemon_tmp_t;
> files_tmp_file(fsdaemon_tmp_t)
>
> @@ -51,6 +54,8 @@ files_tmp_filetrans(fsdaemon_t, fsdaemon_tmp_t, { file dir })
> manage_files_pattern(fsdaemon_t, fsdaemon_var_run_t, fsdaemon_var_run_t)
> files_pid_filetrans(fsdaemon_t, fsdaemon_var_run_t, file)
>
> +manage_files_pattern(fsdaemon_t, fsdaemon_var_lib_t, fsdaemon_var_lib_t)
> +
> kernel_read_kernel_sysctls(fsdaemon_t)
> kernel_read_software_raid_state(fsdaemon_t)
> kernel_read_system_state(fsdaemon_t)

This was merged. Thanks