[refpolicy] [PATCH v4 5/5] Allow init scripts to create and manage (udev) /run location
dominick.grift at gmail.com
Thu Jul 12 13:34:53 CDT 2012
On Thu, 2012-07-12 at 20:11 +0200, Sven Vermeulen wrote:
> On Thu, Jul 12, 2012 at 07:50:25PM +0200, Dominick Grift wrote:
> > > --- a/policy/modules/system/init.te
> > > +++ b/policy/modules/system/init.te
> > > @@ -277,6 +277,7 @@ kernel_rw_all_sysctls(initrc_t)
> > > kernel_dontaudit_getattr_message_if(initrc_t)
> > >
> > > files_create_lock_dirs(initrc_t)
> > > +files_create_pid_dirs(initrc_t)
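Review bot: The added `files_create_pid_dirs(initrc_t)` call has no comment saying why initrc_t needs to create generic pid directories, while the subject line ties the change to the udev /run location only. A one-line comment above the call naming that use case would let a later reader judge whether the grant is still needed. If only the udev directory is required, it is also worth stating in the patch description why the generic pid-directory permission was chosen over a rule scoped to that location.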
> > Does it need to create generic pids as well?
> For the moment I have not seen the need for it. Most applications write
> their own pid file, or the pid files are written in a specific pid directory
> (so init scripts do not need to write var_run_t files).
> Of course, init scripts are quite "open" and I have only tested a very few
> ones (those needed to boot and run my systems, namely ;-) so who knows what
> other requirements could come out of the boat...
Sorry, what I meant to say was: does it need to create generic pid dirs?
I guess it does, or else you would not add a rule to allow that?
> Sven Vermeulen