From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 3 Jan 2013 10:30:50 -0500 Subject: [refpolicy] [PATCH 2/8] lvscan creates the /run/lock/lvm directory if nonexisting (v2) In-Reply-To: <1355737370-27628-3-git-send-email-sven.vermeulen@siphos.be> References: <1355737370-27628-1-git-send-email-sven.vermeulen@siphos.be> <1355737370-27628-3-git-send-email-sven.vermeulen@siphos.be> Message-ID: <50E5A42A.6050101@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/17/12 04:42, Sven Vermeulen wrote: > If the /run/lock/lvm directory doesn't exist yet, running any of the LVM tools > (like lvscan) will create this directory. Introduce a named file transition for > the lock location when a directory named "lvm" is created and grant the > necessary rights to create the directory. > > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/lvm.te | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te > index f8eeecd..a712d85 100644 > --- a/policy/modules/system/lvm.te > +++ b/policy/modules/system/lvm.te > @@ -192,7 +192,9 @@ can_exec(lvm_t, lvm_exec_t) > > # Creating lock files > manage_files_pattern(lvm_t, lvm_lock_t, lvm_lock_t) > +create_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t) > files_lock_filetrans(lvm_t, lvm_lock_t, file) > +files_lock_filetrans(lvm_t, lvm_lock_t, dir, "lvm") > > manage_dirs_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t) > manage_files_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
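Review bot: The comment above the two added lines in the `@@ -192,7 +192,9 @@` hunk still reads "# Creating lock files", but the block now also lets lvm_t create a directory and ties the new transition to the name "lvm". Extend the comment to say that the directory is created on demand by the LVM tools, so the reason for `create_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t)` and the named `files_lock_filetrans(lvm_t, lvm_lock_t, dir, "lvm")` is recorded next to the rules. The diffstat shows only lvm.te changing, so it is also worth confirming that the file contexts for the module label the lock directory lvm_lock_t; otherwise a relabel would give the directory a different type than the one the named transition assigns at creation time.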