From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 11 May 2017 19:48:04 -0400
Subject: [refpolicy] [PATCH 2/2] chronyd: Allow init scripts to create
 /run/chrony
In-Reply-To: <20170508182430.13014-2-aranea@aixah.de>
References: <20170508182430.13014-1-aranea@aixah.de>
	<20170508182430.13014-2-aranea@aixah.de>
Message-ID: <623fcb50-ebbe-df46-b34a-6d783b4b9220@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/08/2017 02:24 PM, Luis Ressel via refpolicy wrote:
> Remark: So far, chronyd.fc only contains /run/chronyd, but chrony's
> default location is actually /run/chrony, so I've added that to the fc.
>
> This commit also fixes a bug in the fc: It said (/.*) instead of (/.*)?
> ---
>  chronyd.fc | 2 +-
>  chronyd.te | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/chronyd.fc b/chronyd.fc
> index 6b7f1ba..5ee3551 100644
> --- a/chronyd.fc
> +++ b/chronyd.fc
> @@ -14,6 +14,6 @@
>
>  /var/log/chrony(/.*)?				gen_context(system_u:object_r:chronyd_var_log_t,s0)
>
> -/run/chronyd(/.*)				gen_context(system_u:object_r:chronyd_var_run_t,s0)
> +/run/chronyd?(/.*)?				gen_context(system_u:object_r:chronyd_var_run_t,s0)
>  /run/chronyd\.pid			--	gen_context(system_u:object_r:chronyd_var_run_t,s0)
>  /run/chronyd\.sock			-s	gen_context(system_u:object_r:chronyd_var_run_t,s0)
> diff --git a/chronyd.te b/chronyd.te
> index 3e9a1c5..62ddd0b 100644
> --- a/chronyd.te
> +++ b/chronyd.te
> @@ -28,7 +28,7 @@ type chronyd_var_log_t;
>  logging_log_file(chronyd_var_log_t)
>
>  type chronyd_var_run_t;
> -files_pid_file(chronyd_var_run_t)
> +init_daemon_pid_file(chronyd_var_run_t, dir, "chrony")
>
>  ########################################
>  #

Merged.

-- 
Chris PeBenito