From: dominick.grift@gmail.com (Dominick Grift) Date: Thu, 12 Jul 2012 19:50:25 +0200 Subject: [refpolicy] [PATCH v4 5/5] Allow init scripts to create and manage (udev) /run location In-Reply-To: <1342113477-32751-6-git-send-email-sven.vermeulen@siphos.be> References: <1342113477-32751-1-git-send-email-sven.vermeulen@siphos.be> <1342113477-32751-6-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1342115425.4222.1.camel@d30.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 2012-07-12 at 19:17 +0200, Sven Vermeulen wrote: > With udev now using /run for its data, the init script responsible for preparing > the environment to start up udev needs to be able to setup this location as > well. > > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/init.te | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te > index 0dbd708..e40ae7f 100644 > --- a/policy/modules/system/init.te > +++ b/policy/modules/system/init.te > @@ -277,6 +277,7 @@ kernel_rw_all_sysctls(initrc_t) > kernel_dontaudit_getattr_message_if(initrc_t) > > files_create_lock_dirs(initrc_t) > +files_create_pid_dirs(initrc_t) Does it need to create generic pids as well? > files_pid_filetrans_lock_dir(initrc_t, "lock") > files_read_kernel_symbol_table(initrc_t) > files_setattr_lock_dirs(initrc_t) > @@ -829,7 +830,9 @@ optional_policy(` > > optional_policy(` > udev_rw_db(initrc_t) > + udev_generic_pid_filetrans_run_dirs(initrc_t, "udev") > udev_manage_pid_files(initrc_t) > + udev_manage_pid_dirs(initrc_t) > udev_manage_rules_files(initrc_t) > ') >
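Review bot: In the hunk at @@ -277, files_create_pid_dirs(initrc_t) is granted to initrc_t unconditionally, outside any optional_policy block, while the commit message only justifies setting up udev's location in /run. Going by its name, the interface covers generic pid directories rather than udev's own, so either state in the commit message which generic directory the init script creates, or drop this line if the "udev" name transition and udev_manage_pid_dirs(initrc_t) in the second hunk already cover the case.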
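Review bot: In the hunk at @@ -829, udev_generic_pid_filetrans_run_dirs(initrc_t, "udev") keys the transition to the literal name "udev", and nothing in the hunk or the commit message says which path that is meant to match. A one-line comment above the call naming the directory the init script creates would make the dependency on that exact name visible to whoever later changes the script or the udev runtime path.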