From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 25 Feb 2017 09:37:24 -0500 Subject: [refpolicy] [PATCH] new init interfaces for systemd In-Reply-To: <20170224062242.fbwgq3sbbvezawdo@athena.coker.com.au> References: <20170224062242.fbwgq3sbbvezawdo@athena.coker.com.au> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/24/17 01:22, Russell Coker via refpolicy wrote: > These are needed by several patches I'm about to send. Merged. I renamed the init_search_pid_dirs to init_search_pids. > Description: some new interfaces for init/systemd > Author: Russell Coker > Last-Update: 2017-02-24 > > Index: refpolicy-2.20170224/policy/modules/system/init.if > =================================================================== > --- refpolicy-2.20170224.orig/policy/modules/system/init.if > +++ refpolicy-2.20170224/policy/modules/system/init.if > @@ -1135,6 +1232,24 @@ interface(`init_var_lib_filetrans',` > filetrans_pattern($1, init_var_lib_t, $2, $3, $4) > ') > > +###################################### > +## > +## Allow search directory in the /run/systemd directory. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`init_search_pid_dirs',` > + gen_require(` > + type init_var_run_t; > + ') > + > + allow $1 init_var_run_t:dir search_dir_perms; > +') > + > ######################################## > ## > ## Create files in an init PID directory. 
> @@ -2261,6 +2467,24 @@ interface(`init_rw_script_tmp_files',` > > ######################################## > ## > +## Read and write init script inherited temporary data. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`init_rw_inherited_script_tmp_files',` > + gen_require(` > + type initrc_tmp_t; > + ') > + > + allow $1 initrc_tmp_t:file rw_inherited_file_perms; > +') > + > +######################################## > +## > ## Create files in a init script > ## temporary data directory. > ## > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -- Chris PeBenito
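Review bot: In the first hunk (init.if, init_search_pid_dirs), the summary "Allow search directory in the /run/systemd directory" names a single path, while the rule "allow $1 init_var_run_t:dir search_dir_perms;" grants search on every directory labelled init_var_run_t. Describe the access by type instead, for example "Search init PID directories", which also matches the wording of the "Create files in an init PID directory" block that follows. As a style point, the opening "#" separator of the new block is shorter than the separator on the unchanged line after it; make them the same length.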
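Review bot: In the second hunk (init_rw_inherited_script_tmp_files), the summary "Read and write init script inherited temporary data" misplaces "inherited" and says "data" where the rule covers only the file class: "allow $1 initrc_tmp_t:file rw_inherited_file_perms;". Wording such as "Read and write inherited init script temporary files" would match what is granted. Because rw_inherited_file_perms leaves out open, the access is only usable through a descriptor handed down from the init script, and the interface as shown grants nothing on that descriptor; state in the description that callers need fd use on the init script domain separately, or consider whether it belongs here.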