From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Thu, 12 Jul 2012 19:17:55 +0200 Subject: [refpolicy] [PATCH v4 3/5] Allow init scripts to populate /run location In-Reply-To: <1342113477-32751-1-git-send-email-sven.vermeulen@siphos.be> References: <1342113477-32751-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1342113477-32751-4-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com At boot up, the /run location is empty, and init scripts are responsible for creating the necessary structure within to support their services. This means, adding entries like for the lock folder (/run/lock). Signed-off-by: Sven Vermeulen --- policy/modules/system/init.te | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 953d586..0dbd708 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -276,7 +276,10 @@ kernel_rw_all_sysctls(initrc_t) # for lsof which is used by alsa shutdown: kernel_dontaudit_getattr_message_if(initrc_t) +files_create_lock_dirs(initrc_t) +files_pid_filetrans_lock_dir(initrc_t, "lock") files_read_kernel_symbol_table(initrc_t) +files_setattr_lock_dirs(initrc_t) corecmd_exec_all_executables(initrc_t) @@ -452,6 +455,7 @@ ifdef(`distro_gentoo',` # allow bootmisc to create /var/lock/.keep. files_manage_generic_locks(initrc_t) + files_pid_filetrans(initrc_t, initrc_state_t, dir, "openrc") # openrc uses tmpfs for its state data fs_tmpfs_filetrans(initrc_t, initrc_state_t, { dir file fifo_file lnk_file }) -- 1.7.8.6
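Review bot: In the first hunk (init.te around line 276), files_setattr_lock_dirs(initrc_t) is granted without any stated reason. The commit message only talks about creating structure under /run, such as /run/lock, which files_create_lock_dirs and the named transition files_pid_filetrans_lock_dir(initrc_t, "lock") already cover. Please say in the commit message or in a comment which init script step needs setattr on lock directories (for example adjusting mode or ownership after creation), or drop it if nothing does. The three new calls also land directly under the existing "# for lsof which is used by alsa shutdown:" block with no comment of their own. A one-line comment such as "# populate /run at boot (e.g. /run/lock)" above them would keep the intent visible to the next reader of initrc_t's rules.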
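Review bot: In the second hunk (distro_gentoo block around line 455), files_pid_filetrans(initrc_t, initrc_state_t, dir, "openrc") is inserted right after files_manage_generic_locks(initrc_t), so it reads as part of the "# allow bootmisc to create /var/lock/.keep." comment, which it has nothing to do with. It belongs with the state-data rule below it. Suggest moving it under "# openrc uses tmpfs for its state data" next to fs_tmpfs_filetrans, or giving it its own comment naming the openrc directory in the pid location. The commit message mentions only the lock folder, so it should also mention this Gentoo-specific openrc transition. The hunk does not show whether initrc_t can already create directories of type initrc_state_t; please confirm that permission exists elsewhere, since the transition only sets the label.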