diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-12-17 10:42:44 +0100 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-01-03 17:24:01 +0100 |
| commit | c6dbdc8b04d7d2ddc3fcd28213d84091c1f24eaf (patch) | |
| tree | 025f96b2bff2ac5c61f514ad4b2373293bada167 /policy/modules/system/lvm.te | |
| parent | Postgresql 9.2 connects to its unix stream socket (diff) | |
| download | hardened-refpolicy-c6dbdc8b04d7d2ddc3fcd28213d84091c1f24eaf.tar.gz hardened-refpolicy-c6dbdc8b04d7d2ddc3fcd28213d84091c1f24eaf.tar.bz2 hardened-refpolicy-c6dbdc8b04d7d2ddc3fcd28213d84091c1f24eaf.zip | |
lvscan creates the /run/lock/lvm directory if nonexisting (v2)
If the /run/lock/lvm directory doesn't exist yet, running any of the LVM tools
(like lvscan) will create this directory. Introduce a named file transition for
the lock location when a directory named "lvm" is created and grant the
necessary rights to create the directory.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Diffstat (limited to 'policy/modules/system/lvm.te')
| -rw-r--r-- | policy/modules/system/lvm.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index 663cc8dc..14443b59 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -192,7 +192,9 @@ can_exec(lvm_t, lvm_exec_t) # Creating lock files manage_files_pattern(lvm_t, lvm_lock_t, lvm_lock_t) +create_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t) files_lock_filetrans(lvm_t, lvm_lock_t, file) +files_lock_filetrans(lvm_t, lvm_lock_t, dir, "lvm") manage_dirs_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t) manage_files_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t) |