From: russell@coker.com.au (Russell Coker) Date: Fri, 24 Feb 2017 17:22:42 +1100 Subject: [refpolicy] [PATCH] new init interfaces for systemd Message-ID: <20170224062242.fbwgq3sbbvezawdo@athena.coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com These are needed by several patches I'm about to send. Description: some new interfaces for init/systemd Author: Russell Coker Last-Update: 2017-02-24 Index: refpolicy-2.20170224/policy/modules/system/init.if =================================================================== --- refpolicy-2.20170224.orig/policy/modules/system/init.if +++ refpolicy-2.20170224/policy/modules/system/init.if @@ -1135,6 +1232,24 @@ interface(`init_var_lib_filetrans',` filetrans_pattern($1, init_var_lib_t, $2, $3, $4) ') +###################################### +## +## Allow search directory in the /run/systemd directory. +## +## +## +## Domain allowed access. +## +## +# +interface(`init_search_pid_dirs',` + gen_require(` + type init_var_run_t; + ') + + allow $1 init_var_run_t:dir search_dir_perms; +') + ######################################## ## ## Create files in an init PID directory. @@ -2261,6 +2467,24 @@ interface(`init_rw_script_tmp_files',` ######################################## ## +## Read and write init script inherited temporary data. +## +## +## +## Domain allowed access. +## +## +# +interface(`init_rw_inherited_script_tmp_files',` + gen_require(` + type initrc_tmp_t; + ') + + allow $1 initrc_tmp_t:file rw_inherited_file_perms; +') + +######################################## +## ## Create files in a init script ## temporary data directory. ##
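Review bot: the first hunk header `@@ -1135,6 +1232,24 @@` places the new interface 97 lines further down in the target file than in the original, yet this patch adds only 18 lines at that point (the second hunk shows the same offset, `-2261` vs `+2467`), so the patch was generated on top of other local changes and will probably need rebasing to apply to refpolicy-2.20170224 on its own; that fits the cover note that several more patches are pending, but the ordering should be stated. Within the `init_search_pid_dirs` hunk, the summary "Allow search directory in the /run/systemd directory." reads awkwardly and does not match the interface name; suggest "Search init PID directories (/run/systemd)." to match the existing "Create files in an init PID directory." wording that follows it. The new separator `+######################################` also looks two characters shorter than the 40-character `########################################` used by the neighbouring interfaces, and as displayed here the doc comment lines `## ## ##` carry no `<summary>`/`<param name="domain">`/`<desc>` tags; if that is not just the mail rendering, the interface documentation will not generate for this interface.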
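Review bot: `init_rw_inherited_script_tmp_files` grants `rw_inherited_file_perms` on `initrc_tmp_t:file`, which deliberately leaves out `open`; the interface description should say that it is for descriptors inherited from an init script rather than files the caller opens itself, so that a caller which actually needs `open` knows to use the existing `init_rw_script_tmp_files` instead, and a reviewer can tell which of the two a later patch should be calling. As with the first hunk, the doc comment lines appear here without their XML tags, and the `+######################################## +##` separator added at the end of this hunk should be checked against the 40-character convention of the surrounding block.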