From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 18 Aug 2014 12:51:18 -0400
Subject: [refpolicy] [PATCH 4/5] Introduce the tmpfiles_t domain
In-Reply-To: <20140815093523.GB5715@siphos.be>
References: <1407434738-11937-1-git-send-email-sven.vermeulen@siphos.be>	<1407434738-11937-5-git-send-email-sven.vermeulen@siphos.be>	<53ED1098.1000401@tresys.com>
	<20140815093523.GB5715@siphos.be>
Message-ID: <53F22F06.2030905@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 8/15/2014 5:35 AM, Sven Vermeulen wrote:
> On Thu, Aug 14, 2014 at 03:40:08PM -0400, Christopher J. PeBenito wrote:
>> On 8/7/2014 2:05 PM, Sven Vermeulen wrote:
>>> +policy_module(tmpfiles, 1.0.0)
>> [...]
>>> +type tmpfiles_var_run_t;
>>> +files_pid_file(tmpfiles_var_run_t)
>>
>> Nothing really jumped out at me as being a problem, but since most
>> (all?) distributions have moved towards these files being in /run, I'd
>> prefer to get away from having "var_run" in the type names.  Why don't
>> we go with something like tmpfiles_run_t or tmpfiles_pid_t?
> 
> I prefer the _run_t suffix, even though this would mean that there will be
> interfaces ending with "_run" which aren't the standard _run interfaces (as
> in, assign role and perform a domain transition).
> 
> But unless some developer starts naming an application "read" or "manage", I
> think we can deal with that through the name: tmpfiles_read_run versus
> tmpfiles_run.
> 
> I'm okay with _pid_t too, but I prefer _run_t because _pid_t "sounds" like
> it is specific to pid files (*.pid) whereas /run resources are used for
> much, more more than that.

How about _runtime?  There already are a couple types with that naming.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com