[refpolicy] [PATCH v3 3/5] Allow init scripts to populate /run location

Sven Vermeulen sven.vermeulen at siphos.be
Tue Jul 3 12:43:58 CDT 2012


At boot up, the /run location is empty, and init scripts are responsible for
creating the necessary structure within it to support their services. This means
adding entries such as the lock folder (/run/lock).

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/system/init.te |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 953d586..0dbd708 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -276,7 +276,10 @@ kernel_rw_all_sysctls(initrc_t)
 # for lsof which is used by alsa shutdown:
 kernel_dontaudit_getattr_message_if(initrc_t)
 
+files_create_lock_dirs(initrc_t)
+files_pid_filetrans_lock_dir(initrc_t, "lock")
 files_read_kernel_symbol_table(initrc_t)
+files_setattr_lock_dirs(initrc_t)
 
 corecmd_exec_all_executables(initrc_t)
 
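Review bot: files_setattr_lock_dirs(initrc_t) in the first hunk is not justified by the commit message or by a comment. The message explains creating /run/lock, which accounts for files_create_lock_dirs and the named transition files_pid_filetrans_lock_dir(initrc_t, "lock"), but not why initrc_t also needs to change attributes on lock directories. Please add a one-line comment above the three new calls saying which init script step needs setattr (for example, adjusting mode or ownership after the directory is created), in the same style as the "# for lsof" comment above, or drop the call if it is not required. The commit message also says "entries like" the lock folder while only the name "lock" receives a transition here, so it would help to state whether other /run entries are covered elsewhere in the series.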
@@ -452,6 +455,7 @@ ifdef(`distro_gentoo',`
 
 	# allow bootmisc to create /var/lock/.keep.
 	files_manage_generic_locks(initrc_t)
+	files_pid_filetrans(initrc_t, initrc_state_t, dir, "openrc")
 
 	# openrc uses tmpfs for its state data
 	fs_tmpfs_filetrans(initrc_t, initrc_state_t, { dir file fifo_file lnk_file })
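Review bot: In the distro_gentoo block, files_pid_filetrans(initrc_t, initrc_state_t, dir, "openrc") sits directly under the comment "# allow bootmisc to create /var/lock/.keep.", which does not describe it, and the commit message does not mention an openrc directory at all. The rule gives initrc_state_t to a directory named "openrc" created in the pid location, so it belongs with the "# openrc uses tmpfs for its state data" group below, next to fs_tmpfs_filetrans, or under its own comment naming the path it is meant to label. Please move it and add a sentence to the commit message so the reason for the state-dir transition is recorded alongside the lock-dir change.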
-- 
1.7.8.6


