From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 21 Oct 2013 20:33:03 +0200
Subject: [refpolicy] [PATCH 1/1] Allow rngd to write a pid file
Message-ID: <20131021183303.GA21172@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
Signed-off-by: Luis Ressel
Acked-by: Sven Vermeulen
---
 rngd.te | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/rngd.te b/rngd.te
index 4ab4eb5..19b66b9 100644
--- a/rngd.te
+++ b/rngd.te
@@ -12,6 +12,9 @@ init_daemon_domain(rngd_t, rngd_exec_t)
 type rngd_initrc_exec_t;
 init_script_file(rngd_initrc_exec_t)
+type rngd_var_run_t;
+files_pid_file(rngd_var_run_t)
+
 ########################################
 #
 # Local policy
@@ -22,6 +25,9 @@ allow rngd_t self:process signal;
 allow rngd_t self:fifo_file rw_fifo_file_perms;
 allow rngd_t self:unix_stream_socket { accept listen };
+manage_files_pattern(rngd_t, rngd_var_run_t, rngd_var_run_t)
+files_pid_filetrans(rngd_t, rngd_var_run_t, file)
+
 kernel_rw_kernel_sysctl(rngd_t)
 dev_read_rand(rngd_t)
-- 
1.8.1.5
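Review bot: The new `rngd_var_run_t` type declared in the first hunk gets no file-context entry in this patch; the diffstat shows only rngd.te changing. The `files_pid_filetrans(rngd_t, rngd_var_run_t, file)` rule in the second hunk labels the pid file only when rngd itself creates it. A pid file that is relabeled (restorecon or a full relabel) or that already existed before the policy was loaded would presumably end up with the generic pid-file label, and no rule visible in these hunks grants `rngd_t` access to that. Consider adding a matching line to rngd.fc, for example `<PID_FILE_PATH>  --  gen_context(system_u:object_r:rngd_var_run_t,s0)`, with the placeholder replaced by the path rngd actually writes. If such an entry already exists outside this patch, a short comment above the type declaration pointing to it would be enough.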