From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 21 Oct 2013 20:33:03 +0200
Subject: [refpolicy] [PATCH 1/1] Allow rngd to write a pid file
Message-ID: <20131021183303.GA21172@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com


Signed-off-by: Luis Ressel <aranea@aixah.de>
Acked-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 rngd.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rngd.te b/rngd.te
index 4ab4eb5..19b66b9 100644
--- a/rngd.te
+++ b/rngd.te
@@ -12,6 +12,9 @@ init_daemon_domain(rngd_t, rngd_exec_t)
 type rngd_initrc_exec_t;
 init_script_file(rngd_initrc_exec_t)
 
+type rngd_var_run_t;
+files_pid_file(rngd_var_run_t)
+
 ########################################
 #
 # Local policy
@@ -22,6 +25,9 @@ allow rngd_t self:process signal;
 allow rngd_t self:fifo_file rw_fifo_file_perms;
 allow rngd_t self:unix_stream_socket { accept listen };
 
+manage_files_pattern(rngd_t, rngd_var_run_t, rngd_var_run_t)
+files_pid_filetrans(rngd_t, rngd_var_run_t, file)
+
 kernel_rw_kernel_sysctl(rngd_t)
 
 dev_read_rand(rngd_t)
-- 
1.8.1.5