From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 31 Jul 2012 19:45:25 +0200
Subject: [refpolicy] [PATCH v2 2/2] Introduce interfaces for mysql /run
	support
In-Reply-To: <1343756725-16022-1-git-send-email-sven.vermeulen@siphos.be>
References: <1343756725-16022-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1343756725-16022-3-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

To allow the mysql init scripts to create /run/mysqld, we need to include three
interfaces from mysql: one to support the file transition towards
mysqld_var_run_t, one to allow the init scripts to create
mysqld_var_run_t-labeled directories and one to change the attributes of the
directory (change ownership)

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 mysql.if |   65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 65 insertions(+), 0 deletions(-)

diff --git a/mysql.if b/mysql.if
index e9c0982..6b9b5f5 100644
--- a/mysql.if
+++ b/mysql.if
@@ -311,6 +311,71 @@ interface(`mysql_search_pid_files',`
 	search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
 ')
 
+#######################################
+## <summary>
+##	Automatically use the MySQL run label for created resources in the
+##	generic run location(s).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to have automatic transitioning
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Resource class for which an automatic transition should occur
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	The name of the resource being created
+##	</summary>
+## </param>
+#
+interface(`mysql_generic_run_filetrans_pid',`
+	gen_require(`
+		type mysqld_var_run_t;
+	')
+
+	files_pid_filetrans($1, mysqld_var_run_t, $2, $3)
+')
+
+#######################################
+## <summary>
+##	Change the attributes of the MySQL run dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+interface(`mysql_setattr_run_dirs',`
+	gen_require(`
+		type mysqld_var_run_t;
+	')
+
+	setattr_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
+')
+
+#######################################
+## <summary>
+##	Create MySQLd run directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+interface(`mysql_create_run_dirs',`
+	gen_require(`
+		type mysqld_var_run_t;
+	')
+
+	create_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to administrate an mysql environment
-- 
1.7.8.6