From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 7 Aug 2012 13:22:13 -0400 Subject: [refpolicy] [PATCH v2 1/2] DHCP client's hooks create /run/dhcpc directory In-Reply-To: <1343756789-16068-2-git-send-email-sven.vermeulen@siphos.be> References: <1343756789-16068-1-git-send-email-sven.vermeulen@siphos.be> <1343756789-16068-2-git-send-email-sven.vermeulen@siphos.be> Message-ID: <50214EC5.7010005@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 07/31/12 13:46, Sven Vermeulen wrote: > This directory contains the working files for updating network-related files > (like resolv.conf for name servers) before they are copied to the fixed > location. Although already in use previously, this location (/var/run/dhcpc or > /var/run/dhcpcd) was statically defined on the system. > > With the introduction of /run and systems having /var/run -> /run, this is now a > dynamically created directory by dhcpc_t. Hence, the policy is enhanced allowing > dhcpc_t to manage dhcpc_var_run_t directories, and include a file transition for > directories created in the var_run_t location(s). > > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/sysnetwork.te | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te > index 8aed9d0..f3f9d47 100644 > --- a/policy/modules/system/sysnetwork.te > +++ b/policy/modules/system/sysnetwork.te > @@ -65,7 +65,8 @@ filetrans_pattern(dhcpc_t, dhcp_state_t, dhcpc_state_t, file) > > # create pid file > manage_files_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t) > -files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, file) > +manage_dirs_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t) Does it actually delete dirs? Wouldn't create_dirs_pattern() be sufficient? > +files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, { file dir }) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
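Review bot: The `# create pid file` comment kept as context at the top of the `@@ -65,7 +65,8 @@` hunk in policy/modules/system/sysnetwork.te no longer describes the rules under it, because the transition now covers `{ file dir }`. Suggest rewording it to say that the pid file and the runtime directory are both created here. On the added `manage_dirs_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t)` line, the commit message only describes dhcpc_t creating the directory, so the grant is wider than the stated need. Either narrow it to a create-only directory pattern, or state in the commit message which hook removes or renames the directory so the extra permissions are justified.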