From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 30 Oct 2012 22:51:55 +0100
Subject: [refpolicy] [PATCH 3/4] Gentoo openrc migrates /var/run and /var/lock data to /run(/lock)
In-Reply-To: <1351633916-29606-1-git-send-email-sven.vermeulen@siphos.be>
References: <1351633916-29606-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1351633916-29606-4-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Gentoo's OpenRC init framework handles the migration of data from /var/run to /run, and /var/lock to /run/lock. To deal with this, openrc uses "cp -a -r /var/run /run" and "cp -a -r /var/lock/* /run/lock". When done, it will create symlinks in /var towards the new locations.

As a result, initrc_t needs to be able to manage symlinks in /var, as well as manage all pidfile content (needed for the migration of /var/run/* towards /run).

Signed-off-by: Sven Vermeulen

--- policy/modules/system/init.te | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 1b32148..106d6be 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -86,7 +86,6 @@ files_pid_file(initrc_var_run_t) ifdef(`distro_gentoo',` type rc_exec_t; domain_entry_file(initrc_t, rc_exec_t) - ') ifdef(`enable_mls',` @@ -461,8 +460,10 @@ ifdef(`distro_gentoo',` dev_delete_generic_dirs(initrc_t) dev_setattr_generic_dirs(initrc_t) + files_manage_all_pids(initrc_t) # allow bootmisc to create /var/lock/.keep. files_manage_generic_locks(initrc_t) + files_manage_var_symlinks(initrc_t) files_pid_filetrans(initrc_t, initrc_state_t, dir, "openrc") # openrc uses tmpfs for its state data -- 1.7.8.6
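
Review bot: the only change in the first hunk (@@ -86,7 +86,6 @@) is the removal of an empty line after domain_entry_file(initrc_t, rc_exec_t) in the distro_gentoo block, which has nothing to do with the /var/run and /var/lock migration the commit message describes. Drop it from this patch or send it as a separate whitespace cleanup, so that the history of init.te for this change shows only the two new access rules.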
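
Review bot: the two lines added in the second hunk (@@ -461,8 +460,10 @@), files_manage_all_pids(initrc_t) and files_manage_var_symlinks(initrc_t), carry no comment, while the neighbouring rules do ("# allow bootmisc to create /var/lock/.keep." and "# openrc uses tmpfs for its state data"). Manage access to every pidfile type is a broad grant for initrc_t and its justification currently lives only in the commit message, so add a comment above each line naming the openrc copy of /var/run to /run and the symlinks it then creates in /var. The commit message also describes copying /var/lock/* to /run/lock, yet lock access in this hunk stays at files_manage_generic_locks(initrc_t); state whether lock files with non-generic types are expected under /var/lock and, if so, how the copy is meant to handle them.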