From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 31 Jul 2012 19:45:24 +0200
Subject: [refpolicy] [PATCH v2 1/2] Introducing interfaces for /run transitioning
In-Reply-To: <1343756725-16022-1-git-send-email-sven.vermeulen@siphos.be>
References: <1343756725-16022-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1343756725-16022-2-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

To allow the dbus init scripts to, when they create the /run/dbus directory, automatically transition towards the system_dbusd_var_run_t label, we need to introduce two interfaces: one for the transitioning itself, and one to allow the init script to create directories of system_dbusd_var_run_t type.

Signed-off-by: Sven Vermeulen
---
 dbus.if | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 47 insertions(+), 0 deletions(-)

diff --git a/dbus.if b/dbus.if index fb4bf82..b0322b5 100644 --- a/dbus.if +++ b/dbus.if 
@@ -485,6 +485,53 @@ interface(`dbus_dontaudit_system_bus_rw_tcp_sockets',` ######################################## ## +## Automatically transition towards the system_dbus_var_run_t for resources +## created in the generic var_run_t locations. +## +## +## +## Domain allowed access +## +## +## +## +## Classes supported for the transitioning +## +## +## +## +## Optional file name used for the resources +## +## +# +interface(`dbus_generic_pid_filetrans_system_dbusd_run',` + gen_require(` + type system_dbusd_var_run_t; + ') + + files_pid_filetrans($1, system_dbusd_var_run_t, $2, $3) +') + +########################################## +## +## Create directories with the system_dbusd_var_run_t label +## +## +## +## Domain allowed access +## +## +# +interface(`dbus_create_system_dbusd_run_dirs',` + gen_require(` + type system_dbusd_var_run_t; + ') + + create_dirs_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t) +') + +######################################## +## ## Allow unconfined access to the system DBUS. ## ## -- 1.7.8.6
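
Review bot: The summary comment of dbus_generic_pid_filetrans_system_dbusd_run names the type as system_dbus_var_run_t, while the gen_require and the files_pid_filetrans call in the same interface use system_dbusd_var_run_t; the comment should use the real type name so the generated interface documentation matches the rule. The banner line above dbus_create_system_dbusd_run_dirs is also longer than the 40-character "#" banners used before and after it in this file and should be trimmed to match. In dbus_create_system_dbusd_run_dirs, create_dirs_pattern is passed system_dbusd_var_run_t as both the containing directory type and the new directory type, so the caller is also allowed to add entries inside existing system_dbusd_var_run_t directories; since the commit message only asks for the init script to create /run/dbus, whose parent is covered by the filetrans interface, consider granting only the directory create permission on system_dbusd_var_run_t, or say in the summary that nested directories are intended.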