From: dominick.grift@gmail.com (Dominick Grift)
Date: Thu, 14 Aug 2014 21:53:32 +0200
Subject: [refpolicy] [PATCH 4/5] Introduce the tmpfiles_t domain
In-Reply-To: <53ED1098.1000401@tresys.com>
References: <1407434738-11937-1-git-send-email-sven.vermeulen@siphos.be> <1407434738-11937-5-git-send-email-sven.vermeulen@siphos.be> <53ED1098.1000401@tresys.com>
Message-ID: <1408046012.8445.6.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2014-08-14 at 15:40 -0400, Christopher J. PeBenito wrote:
> On 8/7/2014 2:05 PM, Sven Vermeulen wrote:
> > +policy_module(tmpfiles, 1.0.0)
> [...]
> > +type tmpfiles_var_run_t;
> > +files_pid_file(tmpfiles_var_run_t)
>
> Nothing really jumped out at me as being a problem, but since most
> (all?) distributions have moved towards these files being in /run, I'd
> prefer to get away from having "var_run" in the type names. Why don't
> we go with something like tmpfiles_run_t or tmpfiles_pid_t?
>

In that policy tmpfiles is allowed to create chars with type device_t

Also this is not tmpfiles, this is a shell script that mimics tmpfiles

tmpfiles does not run setfiles, it uses libselinux