diff options
author | cgzones <cgzones@googlemail.com> | 2017-01-05 12:14:08 +0100 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2017-02-25 22:15:28 +0800 |
commit | 9b0381b0a1bb48191b63472a7297882b81f1a1a5 (patch) | |
tree | b9a297be123b23d094dc4488bd625130b92c718f | |
parent | Update deprecated interfaces (diff) | |
download | hardened-refpolicy-9b0381b0.tar.gz hardened-refpolicy-9b0381b0.tar.bz2 hardened-refpolicy-9b0381b0.zip |
add init_daemon_lock_file()
needed for ntp
-rw-r--r-- | policy/modules/system/init.if | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 1b26cf5e..4a36e12a 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -512,6 +512,39 @@ interface(`init_daemon_pid_file',` ######################################## ## <summary> +## Mark the file type as a daemon lock file, allowing initrc_t +## to create it +## </summary> +## <param name="filetype"> +## <summary> +## Type to mark as a daemon lock file +## </summary> +## </param> +## <param name="class"> +## <summary> +## Class on which the type is applied +## </summary> +## </param> +## <param name="filename"> +## <summary> +## Filename of the file that the init script creates +## </summary> +## </param> +# +interface(`init_daemon_lock_file',` + gen_require(` + type initrc_t; + ') + + files_lock_file($1) + files_lock_filetrans(initrc_t, $1, $2, $3) + + allow initrc_t $1:dir manage_dir_perms; + allow initrc_t $1:file manage_file_perms; +') + +######################################## +## <summary> ## Mark the file type as a daemon run dir, allowing initrc_t ## to create it ## </summary> |