From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Wed, 25 Jul 2012 12:59:44 +0200 Subject: [refpolicy] [PATCH 1/2] DHCP client's hooks create /run/dhcpc directory In-Reply-To: <1343213985-3593-1-git-send-email-sven.vermeulen@siphos.be> References: <1343213985-3593-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1343213985-3593-2-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com This directory contains the working files for updating network-related files (like resolv.conf for name servers) before they are copied to the fixed location. Although already in use previously, this location (/var/run/dhcpc or /var/run/dhcpcd) was statically defined on the system. With the introduction of /run and systems having /var/run -> /run, this is now a dynamically created directory by dhcpc_t. Hence, the policy is enhanced allowing dhcpc_t to manage dhcpc_var_run_t directories, and include a file transition for directories created in the var_run_t location(s). Signed-off-by: Sven Vermeulen --- policy/modules/system/sysnetwork.te | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te index 8aed9d0..f3f9d47 100644 --- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -65,7 +65,8 @@ filetrans_pattern(dhcpc_t, dhcp_state_t, dhcpc_state_t, file) # create pid file manage_files_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t) -files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, file) +manage_dirs_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t) +files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, { file dir }) # Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files # in /etc created by dhcpcd will be labelled net_conf_t. -- 1.7.8.6
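Review bot: the comment "# create pid file" above the changed lines is stale now that manage_dirs_pattern is added and files_pid_filetrans covers { file dir }; it should say that dhcpc_t also creates its working directory there, for example "# create pid file and the /run/dhcpc working directory". Separately, the diffstat shows only sysnetwork.te is touched. The type transition labels the directory at the moment dhcpc_t creates it, but a later relabel goes by file contexts, so please confirm that sysnetwork.fc carries directory entries for the /var/run/dhcpc and /var/run/dhcpcd paths named in the commit message, or add them in this series.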