add init_daemon_lock_file()

needed for ntp
author: cgzones <cgzones@googlemail.com> 2017-01-05 12:14:08 +0100
committer: Jason Zaman <jason@perfinion.com> 2017-02-25 22:15:28 +0800
commit: 9b0381b0a1bb48191b63472a7297882b81f1a1a5 (patch)
tree: b9a297be123b23d094dc4488bd625130b92c718f
parent: Update deprecated interfaces (diff)
download: hardened-refpolicy-9b0381b0.tar.gz
hardened-refpolicy-9b0381b0.tar.bz2
hardened-refpolicy-9b0381b0.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 1b26cf5e..4a36e12a 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -512,6 +512,39 @@ interface(`init_daemon_pid_file',`
 
 ########################################
 ## <summary>
+##	Mark the file type as a daemon lock file, allowing initrc_t
+##	to create it
+## </summary>
+## <param name="filetype">
+##	<summary>
+##	Type to mark as a daemon lock file
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Class on which the type is applied
+##	</summary>
+## </param>
+## <param name="filename">
+##	<summary>
+##	Filename of the file that the init script creates
+##	</summary>
+## </param>
+#
+interface(`init_daemon_lock_file',`
+	gen_require(`
+		type initrc_t;
+	')
+
+	files_lock_file($1)
+	files_lock_filetrans(initrc_t, $1, $2, $3)
+
+	allow initrc_t $1:dir manage_dir_perms;
+	allow initrc_t $1:file manage_file_perms;
+')
+
+########################################
+## <summary>
 ##	Mark the file type as a daemon run dir, allowing initrc_t
 ##	to create it
 ## </summary>
author	cgzones <cgzones@googlemail.com>	2017-01-05 12:14:08 +0100
committer	Jason Zaman <jason@perfinion.com>	2017-02-25 22:15:28 +0800
commit	9b0381b0a1bb48191b63472a7297882b81f1a1a5 (patch)
tree	b9a297be123b23d094dc4488bd625130b92c718f
parent	Update deprecated interfaces (diff)
download	hardened-refpolicy-9b0381b0.tar.gz hardened-refpolicy-9b0381b0.tar.bz2 hardened-refpolicy-9b0381b0.zip