From: jason@perfinion.com (Jason Zaman) Date: Thu, 24 Jul 2014 14:36:08 +0400 Subject: [refpolicy] [PATCH] label for /run/tmpfiles.d In-Reply-To: <20140724114729.41703a93@soldur.bigon.be> References: <1406148340-10759-1-git-send-email-jason@perfinion.com> <20140724114729.41703a93@soldur.bigon.be> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 24 Jul 2014 13:47, "Laurent Bigonville" wrote: > > Le Thu, 24 Jul 2014 00:45:40 +0400, > Jason Zaman a ?crit : > > > kmod puts a file in /run/tmpfiles.d which then gets used by tmpfiles. > > This patch was mostly taken from the fedora policy. > > /run/tmpfiles.d is owned by systemd-tmpfiles so it should probably be > labeled as part of this (still inexistant in refpolicy) module if we > wants a dedicated context for this directory. Having a tmpfiles module for this is doable (where would it go in the tree? I'm assuming not contrib/?) I need this for OpenRC too since it also uses tmpfiles so it is not necessarily "systemd". The labels should definitely be in sync for both tho. Should it be tmpfiles_var_run_t and tmpfiles_etc_t? Alternatively I could keep it in the Gentoo policy till the systemd stuff is done but I would rather get the labels in sync first. -- Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20140724/e01d951c/attachment.html