2012-08-15 07:30:54

by sven.vermeulen

Subject: [refpolicy] [PATCH v2 1/1] DHCP client's hooks create /run/dhcpc directory

This directory contains the working files for updating network-related files
(like resolv.conf for name servers) before they are copied to the fixed
location. Although already in use previously, this location (/var/run/dhcpc or
/var/run/dhcpcd) was statically defined on the system.

With the introduction of /run and systems having /var/run -> /run, this is now a
dynamically created directory by dhcpc_t. Hence, the policy is enhanced allowing
dhcpc_t to create dhcpc_var_run_t directories, and include a file transition for
directories created in the var_run_t location(s).

Changes since v1
----------------
- Use create_dirs_pattern instead of manage_dirs_pattern

Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/system/sysnetwork.te | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index ed363e1..11a02a3 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -65,7 +65,8 @@ filetrans_pattern(dhcpc_t, dhcp_state_t, dhcpc_state_t, file)

# create pid file
manage_files_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t)
-files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, file)
+create_dirs_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t)
+files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, { file dir })

# Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
# in /etc created by dhcpcd will be labelled net_conf_t.
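
Review bot: The diffstat lists only sysnetwork.te, so the new files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, { file dir }) line labels the directory when dhcpc_t creates it, but nothing visible in this patch covers a later relabel. Please confirm that sysnetwork.fc already has directory entries for /var/run/dhcpc and /var/run/dhcpcd with dhcpc_var_run_t (the commit message says the location was statically defined before). Without them, a restorecon over /run could reset the directory to the generic pid type, which the rules in this hunk do not cover.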
--
1.7.8.6


2012-08-21 19:25:31

by cpebenito

Subject: [refpolicy] [PATCH v2 1/1] DHCP client's hooks create /run/dhcpc directory

On 08/15/12 03:30, Sven Vermeulen wrote:
> This directory contains the working files for updating network-related files
> (like resolv.conf for name servers) before they are copied to the fixed
> location. Although already in use previously, this location (/var/run/dhcpc or
> /var/run/dhcpcd) was statically defined on the system.
>
> With the introduction of /run and systems having /var/run -> /run, this is now a
> dynamically created directory by dhcpc_t. Hence, the policy is enhanced allowing
> dhcpc_t to create dhcpc_var_run_t directories, and include a file transition for
> directories created in the var_run_t location(s).

Merged.


> Changes since v1
> ----------------
> - Use create_dirs_pattern instead of manage_dirs_pattern
>
> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> policy/modules/system/sysnetwork.te | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
> index ed363e1..11a02a3 100644
> --- a/policy/modules/system/sysnetwork.te
> +++ b/policy/modules/system/sysnetwork.te
> @@ -65,7 +65,8 @@ filetrans_pattern(dhcpc_t, dhcp_state_t, dhcpc_state_t, file)
>
> # create pid file
> manage_files_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t)
> -files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, file)
> +create_dirs_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t)
> +files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, { file dir })
>
> # Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
> # in /etc created by dhcpcd will be labelled net_conf_t.
>
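
Review bot: The context comment "# create pid file" above the changed lines no longer describes the block, since create_dirs_pattern and the { file dir } transition now also cover the hooks' working directory; suggest rewording it to mention the directory. Separately, with create_dirs_pattern replacing manage_dirs_pattern (the v2 change), dhcpc_t can create the directory but this hunk grants no directory removal, so it would help for the commit message to state that the hooks never remove /run/dhcpc.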


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com