From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 12 Jul 2012 21:11:56 +0200
Subject: [refpolicy] [PATCH v4 5/5] Allow init scripts to create and manage (udev) /run location
In-Reply-To: <1342118093.4222.3.camel@d30.localdomain>
References: <1342113477-32751-1-git-send-email-sven.vermeulen@siphos.be> <1342113477-32751-6-git-send-email-sven.vermeulen@siphos.be> <1342115425.4222.1.camel@d30.localdomain> <20120712181124.GA1433@siphos.be> <1342118093.4222.3.camel@d30.localdomain>
Message-ID: <20120712191156.GA2227@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, Jul 12, 2012 at 08:34:53PM +0200, Dominick Grift wrote:
> On Thu, 2012-07-12 at 20:11 +0200, Sven Vermeulen wrote:
> > On Thu, Jul 12, 2012 at 07:50:25PM +0200, Dominick Grift wrote:
> > > > --- a/policy/modules/system/init.te
> > > > +++ b/policy/modules/system/init.te
> > > > @@ -277,6 +277,7 @@ kernel_rw_all_sysctls(initrc_t)
> > > > kernel_dontaudit_getattr_message_if(initrc_t)
> > > >
> > > > files_create_lock_dirs(initrc_t)
> > > > +files_create_pid_dirs(initrc_t)
> > >
> > > Does it need to create generic pids as well?
> >
> > For the moment I have not seen the need for it. Most applications write
> > their own pid file, or the pid files are written in a specific pid directory
> > (so init scripts do not need to write var_run_t files).
>
> Sorry, what I meant to say was: Does it need to create generic pid dirs
> as well?

It seems to require this, yes. We have reports for /run/udisks2,
/run/pm-utils, /run/openrc, /run/lightdm and /run/ConsoleKit for now. I'll
see if these don't need to become their own subtype.

Wkr,
Sven Vermeulen
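
Review bot: the added files_create_pid_dirs(initrc_t) line in init.te, placed directly under files_create_lock_dirs(initrc_t), has no comment explaining why initrc_t needs to create generic pid directories. The thread names /run/udisks2, /run/pm-utils, /run/openrc, /run/lightdm and /run/ConsoleKit as the reported cases; a short comment above the call listing them, and noting that they may later get their own subtypes, would make it easier to narrow or drop this rule once those types exist.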