From: dominick.grift@gmail.com (grift) Date: Thu, 06 Dec 2012 16:39:38 +0100 Subject: [refpolicy] [PATCH 1/9] Add several named transition for directories created in /var/run by initscripts In-Reply-To: <1354745012-24557-1-git-send-email-bigon@debian.org> References: <1354745012-24557-1-git-send-email-bigon@debian.org> Message-ID: <1354808378.25618.75.camel@localhost> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 2012-12-05 at 23:03 +0100, Laurent Bigonville wrote: > From: Laurent Bigonville > > In Debian, /var/run is a tmpfs, this means that the initscripts must > recreate the needed directories during boot and they must be able to > transition to the correct context. This was merged, thanks > --- > cups.te | 1 + > nut.te | 1 + > pcscd.te | 1 + > rpcbind.te | 1 + > xen.te | 1 + > 5 files changed, 5 insertions(+) > > diff --git a/cups.te b/cups.te > index 069141c..c1d5b4b 100644 > --- a/cups.te > +++ b/cups.te > @@ -59,6 +59,7 @@ files_tmp_file(cupsd_tmp_t) > > type cupsd_var_run_t; > files_pid_file(cupsd_var_run_t) > +init_daemon_run_dir(cupsd_var_run_t, "cups") > mls_trusted_object(cupsd_var_run_t) > > type hplip_t; > diff --git a/nut.te b/nut.te > index 81ee2c6..e525457 100644 > --- a/nut.te > +++ b/nut.te > @@ -27,6 +27,7 @@ init_script_file(nut_initrc_exec_t) > > type nut_var_run_t; > files_pid_file(nut_var_run_t) > +init_daemon_run_dir(nut_var_run_t, "nut") > > ######################################## > # > diff --git a/pcscd.te b/pcscd.te > index 802728d..4c85dd5 100644 > --- a/pcscd.te > +++ b/pcscd.te > @@ -14,6 +14,7 @@ init_script_file(pcscd_initrc_exec_t) > > type pcscd_var_run_t; > files_pid_file(pcscd_var_run_t) > +init_daemon_run_dir(pcscd_var_run_t, "pcscd") > > ######################################## > # > diff --git a/rpcbind.te b/rpcbind.te > index 8337482..b00c730 100644 > --- a/rpcbind.te > +++ b/rpcbind.te 
> @@ -14,6 +14,7 @@ init_script_file(rpcbind_initrc_exec_t) > > type rpcbind_var_run_t; > files_pid_file(rpcbind_var_run_t) > +init_daemon_run_dir(rpcbind_var_run_t, "rpcbind") > > type rpcbind_var_lib_t; > files_type(rpcbind_var_lib_t) > diff --git a/xen.te b/xen.te > index 1c9a2f0..0ad5e4d 100644 > --- a/xen.te > +++ b/xen.te > @@ -105,6 +105,7 @@ logging_log_file(xenstored_var_log_t) > > type xenstored_var_run_t; > files_pid_file(xenstored_var_run_t) > +init_daemon_run_dir(xenstored_var_run_t, "xenstored") > > type xenconsoled_t; > type xenconsoled_exec_t;
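Review bot: in the cups.te hunk, init_daemon_run_dir(cupsd_var_run_t, "cups") is added with no distribution conditional, while the commit message justifies the change only by Debian mounting /var/run as a tmpfs. The same holds for the lines added in nut.te, pcscd.te, rpcbind.te and xen.te. If the transition is meant to apply on every distribution, the message should say so. If it is Debian-specific, the additions should be wrapped accordingly, so that other distributions do not silently grant initscripts a new creation path into these types.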
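Review bot: in the xen.te hunk (and likewise for "nut", "pcscd" and "rpcbind"), the second argument is a literal directory name, and the diffstat shows only .te files changing. A named transition applies only when the initscript creates an entry with exactly that name, and it only sets the label at creation time. Please confirm that the existing file context entries for /var/run/xenstored and the other four directories map to the same *_var_run_t types, so a later relabel does not disagree with the transition. It would also help to note in the commit message which initscript creates each directory, so the chosen names can be checked against it.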