From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 21 Aug 2012 15:25:31 -0400
Subject: [refpolicy] [PATCH v2 1/1] DHCP client's hooks create /run/dhcpc directory
In-Reply-To: <20120815073054.GA31895@siphos.be>
References: <20120815073054.GA31895@siphos.be>
Message-ID: <5033E0AB.1070806@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/15/12 03:30, Sven Vermeulen wrote:
> This directory contains the working files for updating network-related files
> (like resolv.conf for name servers) before they are copied to the fixed
> location. Although already in use previously, this location (/var/run/dhcpc or
> /var/run/dhcpcd) was statically defined on the system.
>
> With the introduction of /run and systems having /var/run -> /run, this is now a
> dynamically created directory by dhcpc_t. Hence, the policy is enhanced allowing
> dhcpc_t to create dhcpc_var_run_t directories, and include a file transition for
> directories created in the var_run_t location(s).

Merged.

> Changes since v1
> ----------------
> - Use create_dirs_pattern instead of manage_dirs_pattern
>
> Signed-off-by: Sven Vermeulen
> ---
> policy/modules/system/sysnetwork.te | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te > index ed363e1..11a02a3 100644 > --- a/policy/modules/system/sysnetwork.te > +++ b/policy/modules/system/sysnetwork.te 
> @@ -65,7 +65,8 @@ filetrans_pattern(dhcpc_t, dhcp_state_t, dhcpc_state_t, file) > > # create pid file > manage_files_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t) > -files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, file) > +create_dirs_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t) > +files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, { file dir }) > > # Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files > # in /etc created by dhcpcd will be labelled net_conf_t. > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
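
Review bot: the "# create pid file" comment above the changed rules in sysnetwork.te no longer describes them, because the block now also lets dhcpc_t create dhcpc_var_run_t directories and transitions both files and directories; please update it to mention the /run/dhcpc working directory. The "{ file dir }" transition is also unnamed, so any directory dhcpc_t creates in a var_run_t location is labelled dhcpc_var_run_t, not only the dhcpc or dhcpcd directory described in the commit message. If that breadth is intended, a short comment saying so would help; the create-only choice (create_dirs_pattern rather than manage_dirs_pattern) is recorded only in the changelog and would be worth a word there too.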