From: dominick.grift@gmail.com (Dominick Grift)
Date: Sun, 13 Jan 2013 21:03:05 +0100
Subject: [refpolicy] [PATCH 07/13] Label var_lock_t as a mountpoint in
 Debian
In-Reply-To: <CAPzO=NwYTi-uBVsUdNu8dK3Qh4HXnuAu1c3QPCj7EHo5230sog@mail.gmail.com>
References: <1358026351-12955-1-git-send-email-bigon@debian.org>
	<1358026351-12955-8-git-send-email-bigon@debian.org>
	<CAPzO=NwYTi-uBVsUdNu8dK3Qh4HXnuAu1c3QPCj7EHo5230sog@mail.gmail.com>
Message-ID: <1358107385.2495.12.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 2013-01-13 at 19:30 +0100, Sven Vermeulen wrote:
> Is /var/run/lock a (tmpfs) mountpoint, or is /var/run a (tmpfs) mountpoint
> and the lock subdirectory just that - a subdirectory?
> 
> I've seen 5 distributions using /var/run as either be a tmpfs, or a symlink
> to /run which is a tmpfs.
> 
> 

They both are mountpoints in debian (/run and /run/lock)

At least that is what i saw from Laurents mount command output

> On Sat, Jan 12, 2013 at 10:32 PM, Laurent Bigonville <bigon@debian.org>wrote:
> 
> > From: Laurent Bigonville <bigon@bigon.be>
> >
> > In Debian, /var/lock is a symlink to /var/run/lock which is a tmpfs
> > mount.
> > ---
> >  policy/modules/kernel/files.te |    4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/policy/modules/kernel/files.te
> > b/policy/modules/kernel/files.te
> > index 148d87a..a5554e8 100644
> > --- a/policy/modules/kernel/files.te
> > +++ b/policy/modules/kernel/files.te
> > @@ -232,3 +232,7 @@ allow files_unconfined_type file_type:filesystem *;
> >  tunable_policy(`allow_execmod',`
> >         allow files_unconfined_type file_type:file execmod;
> >  ')
> > +
> > +ifdef(`distro_debian',`
> > +       files_mountpoint(var_lock_t)
> > +')
> > --
> > 1.7.10.4
> >
> > _______________________________________________
> > refpolicy mailing list
> > refpolicy at oss.tresys.com
> > http://oss.tresys.com/mailman/listinfo/refpolicy
> >
> Is /var/run/lock a (tmpfs) mountpoint, or is /var/run a (tmpfs)
> mountpoint and the lock subdirectory just that - a subdirectory?
> 
> 
> I've seen 5 distributions using /var/run as either be a tmpfs, or a
> symlink to /run which is a tmpfs. 
> 
> 
> 
> On Sat, Jan 12, 2013 at 10:32 PM, Laurent Bigonville
> <bigon@debian.org> wrote:
>         From: Laurent Bigonville <bigon@bigon.be>
>         
>         In Debian, /var/lock is a symlink to /var/run/lock which is a
>         tmpfs
>         mount.
>         ---
>          policy/modules/kernel/files.te |    4 ++++
>          1 file changed, 4 insertions(+)
>         
>         diff --git a/policy/modules/kernel/files.te
>         b/policy/modules/kernel/files.te
>         index 148d87a..a5554e8 100644
>         --- a/policy/modules/kernel/files.te
>         +++ b/policy/modules/kernel/files.te
>         @@ -232,3 +232,7 @@ allow files_unconfined_type
>         file_type:filesystem *;
>          tunable_policy(`allow_execmod',`
>                 allow files_unconfined_type file_type:file execmod;
>          ')
>         +
>         +ifdef(`distro_debian',`
>         +       files_mountpoint(var_lock_t)
>         +')
>         --
>         1.7.10.4
>         
>         _______________________________________________
>         refpolicy mailing list
>         refpolicy at oss.tresys.com
>         http://oss.tresys.com/mailman/listinfo/refpolicy
> 
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy