From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 10 Nov 2012 18:35:23 +0100
Subject: [refpolicy] [PATCH 1/4] lvscan creates the /run/lock/lvm directory
	if nonexisting
In-Reply-To: <1352568926-21328-1-git-send-email-sven.vermeulen@siphos.be>
References: <1352568926-21328-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1352568926-21328-2-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

If the /run/lock/lvm directory doesn't exist yet, running any of the LVM tools
(like lvscan) will create this directory. Introduce a named file transition for
the lock location when a directory named "lvm" is created.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/lvm.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index f8eeecd..0814f4c 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -193,6 +193,7 @@ can_exec(lvm_t, lvm_exec_t)
 # Creating lock files
 manage_files_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
 files_lock_filetrans(lvm_t, lvm_lock_t, file)
+files_lock_filetrans(lvm_t, lvm_lock_t, dir, "lvm")
 
 manage_dirs_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
 manage_files_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
-- 
1.7.8.6