From: aranea@aixah.de (Luis Ressel) Date: Mon, 8 May 2017 20:24:30 +0200 Subject: [refpolicy] [PATCH 2/2] chronyd: Allow init scripts to create /run/chrony In-Reply-To: <20170508182430.13014-1-aranea@aixah.de> References: <20170508182430.13014-1-aranea@aixah.de> Message-ID: <20170508182430.13014-2-aranea@aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Remark: So far, chronyd.fc only contains /run/chronyd, but chrony's default location is actually /run/chrony, so I've added that to the fc. This commit also fixes a bug in the fc: It said (/.*) instead of (/.*)? --- chronyd.fc | 2 +- chronyd.te | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chronyd.fc b/chronyd.fc index 6b7f1ba..5ee3551 100644 --- a/chronyd.fc +++ b/chronyd.fc @@ -14,6 +14,6 @@ /var/log/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_log_t,s0) -/run/chronyd(/.*) gen_context(system_u:object_r:chronyd_var_run_t,s0) +/run/chronyd?(/.*)? gen_context(system_u:object_r:chronyd_var_run_t,s0) /run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0) /run/chronyd\.sock -s gen_context(system_u:object_r:chronyd_var_run_t,s0) diff --git a/chronyd.te b/chronyd.te index 3e9a1c5..62ddd0b 100644 --- a/chronyd.te +++ b/chronyd.te @@ -28,7 +28,7 @@ type chronyd_var_log_t; logging_log_file(chronyd_var_log_t) type chronyd_var_run_t; -files_pid_file(chronyd_var_run_t) +init_daemon_pid_file(chronyd_var_run_t, dir, "chrony") ######################################## # -- 2.12.2
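Review bot: In the chronyd.fc hunk, the new pattern `/run/chronyd?(/.*)?` folds two separate changes into one line: the optional `d` that adds /run/chrony, and the trailing `?` that fixes the old `(/.*)`, which matched entries below the directory but not the directory itself. Consider two explicit entries, one for /run/chrony(/.*)? and one for /run/chronyd(/.*)?, so that each path can be found with a plain grep and the fix to the existing entry is visible on its own. The unchanged `/run/chronyd\.pid` and `/run/chronyd\.sock` context lines still cover only the old name, which is worth a sentence in the commit message if that is intentional.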
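Review bot: In the chronyd.te hunk, the name argument in `init_daemon_pid_file(chronyd_var_run_t, dir, "chrony")` covers only a directory called chrony, while the chronyd.fc change in this same patch labels both /run/chrony and /run/chronyd as chronyd_var_run_t. If an init script still creates /run/chronyd, that directory would not get the transition; either add a second call with "chronyd" or state in the commit message that only chrony's default location is meant to be handled. A short comment above the line saying why the plain `files_pid_file(chronyd_var_run_t)` was replaced would also help the next reader of the policy.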