From: dominick.grift@gmail.com (grift) Date: Wed, 05 Dec 2012 22:58:51 +0100 Subject: [refpolicy] [PATCH 5/7] init.if: Add init_daemon_run_file interface In-Reply-To: <1354739968-4547-5-git-send-email-bigon@debian.org> References: <1354739968-4547-1-git-send-email-bigon@debian.org> <1354739968-4547-5-git-send-email-bigon@debian.org> Message-ID: <1354744731.25618.25.camel@localhost> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 2012-12-05 at 21:39 +0100, Laurent Bigonville wrote: > From: Laurent Bigonville > > This is allowing initscripts to create pidfile and to let them > transition to their context > --- > policy/modules/system/init.if | 27 +++++++++++++++++++++++++++ > 1 file changed, 27 insertions(+) > > diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if > index 3f0c2d3..cb26dda 100644 > --- a/policy/modules/system/init.if > +++ b/policy/modules/system/init.if > @@ -444,6 +444,33 @@ interface(`init_daemon_run_dir',` > > ######################################## > ## > +## Mark the file type as a pid file, allowing initrc_t > +## to create it > +## > +## > +## > +## Type to mark as a pid file > +## > +## > +## > +## > +## Filename of the file that the init script creates > +## > +## > +# > +interface(`init_daemon_run_file',` > + gen_require(` > + attribute pidfile; > + type initrc_t; > + ') > + > + typeattribute $1 pidfile; > + > + files_pid_filetrans(initrc_t, $1, file, $2) > +') Better use: ## ## ## The name of the object being created. ## ## # instead of: ## ## ## Filename of the file that the init script creates ## ## For consistency > +######################################## > +## > ## Execute init (/sbin/init) with a domain transition. > ## > ##
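Review bot: The summary comment of init_daemon_run_file says "allowing initrc_t to create it", but the body shown in this hunk only adds $1 to the pidfile attribute and calls files_pid_filetrans(initrc_t, $1, file, $2). That sets up the type transition for a file created by initrc_t. No rule visible here lets initrc_t create or write a file of type $1. If that access is meant to come from rules already granted on the pidfile attribute, the summary should say so. Otherwise it should describe the interface as marking the type and adding the transition for the file named by $2. Because $2 is passed straight through, the parameter description should also state whether the name may be omitted.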