[refpolicy] [PATCH 4/5] Introduce the tmpfiles_t domain

Sven Vermeulen sven.vermeulen at siphos.be
Fri Aug 15 05:35:23 EDT 2014

On Thu, Aug 14, 2014 at 03:40:08PM -0400, Christopher J. PeBenito wrote:
> On 8/7/2014 2:05 PM, Sven Vermeulen wrote:
> > +policy_module(tmpfiles, 1.0.0)
> [...]
> > +type tmpfiles_var_run_t;
> > +files_pid_file(tmpfiles_var_run_t)
> Nothing really jumped out at me as being a problem, but since most
> (all?) distributions have moved towards these files being in /run, I'd
> prefer to get away from having "var_run" in the type names.  Why don't
> we go with something like tmpfiles_run_t or tmpfiles_pid_t?

I prefer the _run_t suffix, even though this would mean that there will be
interfaces ending with "_run" which aren't the standard _run interfaces (as
in, assign role and perform a domain transition).

But unless some developer starts naming an application "read" or "manage", I
think we can deal with that through the name: tmpfiles_read_run versus

I'm okay with _pid_t too, but I prefer _run_t because _pid_t "sounds" like
it is specific to pid files (*.pid) whereas /run resources are used for
much, more more than that.

	Sven Vermeulen

More information about the refpolicy mailing list