[refpolicy] [PATCH v4 5/5] Allow init scripts to create and manage (udev) /run location

Dominick Grift dominick.grift at gmail.com
Thu Jul 12 13:34:53 CDT 2012



On Thu, 2012-07-12 at 20:11 +0200, Sven Vermeulen wrote:
> On Thu, Jul 12, 2012 at 07:50:25PM +0200, Dominick Grift wrote:
> > > --- a/policy/modules/system/init.te
> > > +++ b/policy/modules/system/init.te
> > > @@ -277,6 +277,7 @@ kernel_rw_all_sysctls(initrc_t)
> > >  kernel_dontaudit_getattr_message_if(initrc_t)
> > >  
> > >  files_create_lock_dirs(initrc_t)
> > > +files_create_pid_dirs(initrc_t)
> > 
> > Does it need to create generic pids as well?
> 
> For the moment I have not seen the need for it. Most applications write
> their own pid file, or the pid files are written in a specific pid directory
> (so init scripts do not need to write var_run_t files).
> 
> Of course, init scripts are quite "open" and I have only tested a very few
> ones (those needed to boot and run my systems, namely ;-) so who knows what
> other requirements could come out of the boat...
> 

Sorry, what i meant to say was: Does it need to create generic pid dirs
as well?

I guess it does or else you would not add a rule to allow it that?

> Wkr,
> 	Sven Vermeulen
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy




More information about the refpolicy mailing list