From: dominick.grift@gmail.com (Dominick Grift) Date: Sun, 03 Nov 2013 16:58:58 +0100 Subject: [refpolicy] [PATCH 1/1] Allow rngd to write a pid file In-Reply-To: <20131021183303.GA21172@siphos.be> References: <20131021183303.GA21172@siphos.be> Message-ID: <1383494338.3070.0.camel@d30> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, 2013-10-21 at 20:33 +0200, Sven Vermeulen wrote: > Signed-off-by: Luis Ressel > Acked-by: Sven Vermeulen This seems to be lacking a file context spec? > --- > rngd.te | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/rngd.te b/rngd.te > index 4ab4eb5..19b66b9 100644 > --- a/rngd.te > +++ b/rngd.te > @@ -12,6 +12,9 @@ init_daemon_domain(rngd_t, rngd_exec_t) > type rngd_initrc_exec_t; > init_script_file(rngd_initrc_exec_t) > > +type rngd_var_run_t; > +files_pid_file(rngd_var_run_t) > + > ######################################## > # > # Local policy > @@ -22,6 +25,9 @@ allow rngd_t self:process signal; > allow rngd_t self:fifo_file rw_fifo_file_perms; > allow rngd_t self:unix_stream_socket { accept listen }; > > +manage_files_pattern(rngd_t, rngd_var_run_t, rngd_var_run_t) > +files_pid_filetrans(rngd_t, rngd_var_run_t, file) > + > kernel_rw_kernel_sysctl(rngd_t) > > dev_read_rand(rngd_t)
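Review bot: The type added in the first hunk (`type rngd_var_run_t;` with `files_pid_file(rngd_var_run_t)`) has no matching file context entry, and the diffstat shows only rngd.te changed. Without a spec in the module's .fc file for the pid file path, the label depends entirely on the type transition at creation time: a relabel resets the file to the default pid-file type, and a pid file that already existed before the policy was loaded never receives the new type. Suggest adding the .fc entry for the path rngd writes to in this same patch, which is the point raised in the reply above.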
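Review bot: In the second hunk, `files_pid_filetrans(rngd_t, rngd_var_run_t, file)` is given no file name, so every regular file rngd_t creates in the pid directory is labelled rngd_var_run_t, not only the pid file. If a single pid file is the intent, consider passing its name as the trailing name argument where the interface in your tree accepts one, and state the path in the commit message, which currently carries only the sign-off lines. `manage_files_pattern` also grants more than the write access the subject line mentions (create, unlink, rename and so on); that is customary for a pid file, but worth a sentence in the description.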