From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Wed, 27 Jun 2012 23:52:11 +0200 Subject: [refpolicy] [PATCH 4/6] Allow init scripts to populate /run location In-Reply-To: <1340833933-27811-1-git-send-email-sven.vermeulen@siphos.be> References: <1340833933-27811-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1340833933-27811-5-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com At boot up, the /run location is empty, and init scripts are responsible for creating the necessary structure within to support their services. This means, adding entries like for the lock folder (/run/lock). Signed-off-by: Sven Vermeulen --- policy/modules/system/init.te | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 7dfd9a9..8667e14 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -275,7 +275,10 @@ kernel_rw_all_sysctls(initrc_t) # for lsof which is used by alsa shutdown: kernel_dontaudit_getattr_message_if(initrc_t) +files_create_lock_dirs(initrc_t) +files_pid_filetrans_lock_dir(initrc_t, "lock") files_read_kernel_symbol_table(initrc_t) +files_setattr_lock_dirs(initrc_t) corecmd_exec_all_executables(initrc_t) @@ -451,6 +454,7 @@ ifdef(`distro_gentoo',` # allow bootmisc to create /var/lock/.keep. files_manage_generic_locks(initrc_t) + files_pid_filetrans(initrc_t, initrc_state_t, dir, "openrc") # openrc uses tmpfs for its state data fs_tmpfs_filetrans(initrc_t, initrc_state_t, { dir file fifo_file lnk_file }) -- 1.7.3.4
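Review bot: In the first hunk (@@ -275,7 +275,10 @@), the added files_setattr_lock_dirs(initrc_t) is not covered by the commit message, which only describes creating entries such as /run/lock. Please state in the message, or in a comment above the three new files_ calls, why initrc_t needs setattr on lock directories in addition to files_create_lock_dirs(initrc_t) and the named transition files_pid_filetrans_lock_dir(initrc_t, "lock"). If creation plus the transition is sufficient, drop the setattr line. The added lines also carry no comment of their own, so a short one noting that they exist to populate /run at boot would help later readers. These rules apply to initrc_t on every distribution, not only under distro_gentoo, which is worth confirming as intended.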
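Review bot: In the second hunk (@@ -451,6 +454,7 @@), the new files_pid_filetrans(initrc_t, initrc_state_t, dir, "openrc") sits between files_manage_generic_locks(initrc_t), which belongs to the "allow bootmisc to create /var/lock/.keep" comment, and the "openrc uses tmpfs for its state data" comment, so it reads as part of the bootmisc rule. Give it its own comment saying that openrc's state directory is created under /run, or move it next to fs_tmpfs_filetrans(initrc_t, initrc_state_t, { dir file fifo_file lnk_file }) so the two initrc_state_t transitions are documented together. The commit message mentions only the lock folder, so the openrc directory should be named there too. The diffstat shows only init.te changing, so please check that a file context entry for the openrc directory under /run exists and matches initrc_state_t, otherwise a relabel would disagree with this transition.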