2017-02-24 06:22:42

by Russell Coker

Subject: [refpolicy] [PATCH] new init interfaces for systemd

These are needed by several patches I'm about to send.

Description: some new interfaces for init/systemd
Author: Russell Coker <[email protected]>
Last-Update: 2017-02-24

Index: refpolicy-2.20170224/policy/modules/system/init.if
===================================================================
--- refpolicy-2.20170224.orig/policy/modules/system/init.if
+++ refpolicy-2.20170224/policy/modules/system/init.if
@@ -1135,6 +1232,24 @@ interface(`init_var_lib_filetrans',`
filetrans_pattern($1, init_var_lib_t, $2, $3, $4)
')

+######################################
+## <summary>
+## Allow search directory in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_search_pid_dirs',`
+ gen_require(`
+ type init_var_run_t;
+ ')
+
+ allow $1 init_var_run_t:dir search_dir_perms;
+')
+
########################################
## <summary>
## Create files in an init PID directory.
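
Review bot: the summary on the new init_search_pid_dirs interface, "Allow search directory in the /run/systemd directory.", is ungrammatical and names a path, while the rule itself grants search_dir_perms on init_var_run_t directories. Suggest describing it by type, in line with the neighbouring "Create files in an init PID directory.", for example "Search init PID directories." The opening row of '#' on this block is also shorter than the separator on the existing interface that follows it; make the two the same length.
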
@@ -2261,6 +2467,24 @@ interface(`init_rw_script_tmp_files',`

########################################
## <summary>
+## Read and write init script inherited temporary data.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_rw_inherited_script_tmp_files',`
+ gen_require(`
+ type initrc_tmp_t;
+ ')
+
+ allow $1 initrc_tmp_t:file rw_inherited_file_perms;
+')
+
+########################################
+## <summary>
## Create files in a init script
## temporary data directory.
## </summary>
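
Review bot: the summary on init_rw_inherited_script_tmp_files, "Read and write init script inherited temporary data.", puts "inherited" in the wrong place and does not say how the interface differs from init_rw_script_tmp_files, which the hunk header shows sitting directly above it. Suggest "Read and write inherited init script temporary files." plus a sentence stating that the rule grants rw_inherited_file_perms on initrc_tmp_t files, so callers know it is meant for files they were handed already open rather than files they open themselves.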


2017-02-25 14:37:24

by Chris PeBenito

Subject: [refpolicy] [PATCH] new init interfaces for systemd

On 02/24/17 01:22, Russell Coker via refpolicy wrote:
> These are needed by several patches I'm about to send.

Merged. I renamed the init_search_pid_dirs to init_search_pids.

> Description: some new interfaces for init/systemd
> Author: Russell Coker <[email protected]>
> Last-Update: 2017-02-24
>
> Index: refpolicy-2.20170224/policy/modules/system/init.if
> ===================================================================
> --- refpolicy-2.20170224.orig/policy/modules/system/init.if
> +++ refpolicy-2.20170224/policy/modules/system/init.if
> @@ -1135,6 +1232,24 @@ interface(`init_var_lib_filetrans',`
> filetrans_pattern($1, init_var_lib_t, $2, $3, $4)
> ')
>
> +######################################
> +## <summary>
> +## Allow search directory in the /run/systemd directory.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`init_search_pid_dirs',`
> + gen_require(`
> + type init_var_run_t;
> + ')
> +
> + allow $1 init_var_run_t:dir search_dir_perms;
> +')
> +
> ########################################
> ## <summary>
> ## Create files in an init PID directory.
> @@ -2261,6 +2467,24 @@ interface(`init_rw_script_tmp_files',`
>
> ########################################
> ## <summary>
> +## Read and write init script inherited temporary data.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`init_rw_inherited_script_tmp_files',`
> + gen_require(`
> + type initrc_tmp_t;
> + ')
> +
> + allow $1 initrc_tmp_t:file rw_inherited_file_perms;
> +')
> +
> +########################################
> +## <summary>
> ## Create files in a init script
> ## temporary data directory.
> ## </summary>


--
Chris PeBenito