[refpolicy] [PATCH v2 2/2] Introduce interfaces for mysql /run support

Sven Vermeulen sven.vermeulen at siphos.be
Tue Jul 31 12:45:25 CDT 2012


To allow the mysql init scripts to create /run/mysqld, we need to include three
interfaces from mysql: one to support the file transition towards
mysqld_var_run_t, one to allow the init scripts to create
mysqld_var_run_t-labeled directories and one to change the attributes of the
directory (change ownership).

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 mysql.if |   65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 65 insertions(+), 0 deletions(-)

diff --git a/mysql.if b/mysql.if
index e9c0982..6b9b5f5 100644
--- a/mysql.if
+++ b/mysql.if
@@ -311,6 +311,71 @@ interface(`mysql_search_pid_files',`
 	search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
 ')
 
+#######################################
+## <summary>
+##	Automatically use the MySQL run label for created resources in the
+##	generic run location(s).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to have automatic transitioning
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Resource class for which an automatic transition should occur
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	The name of the resource being created
+##	</summary>
+## </param>
+#
+interface(`mysql_generic_run_filetrans_pid',`
+	gen_require(`
+		type mysqld_var_run_t;
+	')
+
+	files_pid_filetrans($1, mysqld_var_run_t, $2, $3)
+')
+
+#######################################
+## <summary>
+##	Change the attributes of the MySQL run dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+interface(`mysql_setattr_run_dirs',`
+	gen_require(`
+		type mysqld_var_run_t;
+	')
+
+	setattr_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
+')
+
+#######################################
+## <summary>
+##	Create MySQLd run directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+interface(`mysql_create_run_dirs',`
+	gen_require(`
+		type mysqld_var_run_t;
+	')
+
+	create_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to administrate an mysql environment
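Review bot: in `mysql_create_run_dirs`, the call `create_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)` names mysqld_var_run_t as both the containing directory and the directory being created, yet the commit message says the directory to create is /run/mysqld, whose parent is the generic run location and not a mysqld_var_run_t directory. The interface therefore only covers that case when the caller also uses `mysql_generic_run_filetrans_pid`. Either state that dependency in the summary, or grant only the create permission on mysqld_var_run_t:dir so the caller does not also get add-entry access inside existing MySQL run directories. As a style point, the neighbouring interface is `mysql_search_pid_files`, while the new names mix "run" and "pid" (`mysql_generic_run_filetrans_pid`, `mysql_setattr_run_dirs`); settling on one term would keep the module's interfaces consistent.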
-- 
1.7.8.6


