From: bigon@debian.org (Laurent Bigonville) Date: Wed, 5 Dec 2012 23:03:24 +0100 Subject: [refpolicy] [PATCH 1/9] Add several named transition for directories created in /var/run by initscripts Message-ID: <1354745012-24557-1-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville In Debian, /var/run is a tmpfs, this means that the initscripts must recreate the needed directories during boot and they must be able to transition to the correct context. --- cups.te | 1 + nut.te | 1 + pcscd.te | 1 + rpcbind.te | 1 + xen.te | 1 + 5 files changed, 5 insertions(+) diff --git a/cups.te b/cups.te index 069141c..c1d5b4b 100644 --- a/cups.te +++ b/cups.te @@ -59,6 +59,7 @@ files_tmp_file(cupsd_tmp_t) type cupsd_var_run_t; files_pid_file(cupsd_var_run_t) +init_daemon_run_dir(cupsd_var_run_t, "cups") mls_trusted_object(cupsd_var_run_t) type hplip_t; diff --git a/nut.te b/nut.te index 81ee2c6..e525457 100644 --- a/nut.te +++ b/nut.te @@ -27,6 +27,7 @@ init_script_file(nut_initrc_exec_t) type nut_var_run_t; files_pid_file(nut_var_run_t) +init_daemon_run_dir(nut_var_run_t, "nut") ######################################## # diff --git a/pcscd.te b/pcscd.te index 802728d..4c85dd5 100644 --- a/pcscd.te +++ b/pcscd.te @@ -14,6 +14,7 @@ init_script_file(pcscd_initrc_exec_t) type pcscd_var_run_t; files_pid_file(pcscd_var_run_t) +init_daemon_run_dir(pcscd_var_run_t, "pcscd") ######################################## # diff --git a/rpcbind.te b/rpcbind.te index 8337482..b00c730 100644 --- a/rpcbind.te +++ b/rpcbind.te @@ -14,6 +14,7 @@ init_script_file(rpcbind_initrc_exec_t) type rpcbind_var_run_t; files_pid_file(rpcbind_var_run_t) +init_daemon_run_dir(rpcbind_var_run_t, "rpcbind") type rpcbind_var_lib_t; files_type(rpcbind_var_lib_t) diff --git a/xen.te b/xen.te index 1c9a2f0..0ad5e4d 100644 --- a/xen.te +++ b/xen.te 
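Review bot: The added `init_daemon_run_dir(cupsd_var_run_t, "cups")` line in cups.te has no comment saying why initrc_t may create this directory, and the same holds for the nut.te, pcscd.te and rpcbind.te hunks. A named transition matches only the exact final path component, so a directory the initscript creates under any other name silently keeps the parent's generic label. A comment such as `# /var/run is tmpfs on Debian: the initscript recreates /var/run/cups at boot` above each line would record the expected path. The patch does not touch the .fc files, so confirm that each name agrees with the existing file-context entry; otherwise a later restorecon would undo the label the transition applied. If init_daemon_run_dir already applies files_pid_file to its argument (I believe it does in init.if, but that is not visible here), the preceding `files_pid_file(...)` line is redundant, though harmless.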
@@ -105,6 +105,7 @@ logging_log_file(xenstored_var_log_t) type xenstored_var_run_t; files_pid_file(xenstored_var_run_t) +init_daemon_run_dir(xenstored_var_run_t, "xenstored") type xenconsoled_t; type xenconsoled_exec_t; -- 1.7.10.4
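Review bot: Only xenstored's run directory gets a transition in this hunk, while the context shows xen.te declaring further daemons directly below (`type xenconsoled_t;`). If the Debian xen initscript also creates runtime directories for those daemons on the tmpfs, they would come up with the generic /var/run label after every boot and the daemons would be denied access to them. Check the initscript and either add matching `init_daemon_run_dir(<their_var_run_type>, "<dirname>")` lines (placeholders, the real names are not visible here) or add a comment stating that /var/run/xenstored is the only directory the initscript creates. The rest of xen.te lies outside the hunk, so its other run-file types cannot be checked from this page.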