commit: 9b0381b0a1bb48191b63472a7297882b81f1a1a5 Author: cgzones <cgzones <AT> googlemail <DOT> com> AuthorDate: Thu Jan 5 11:14:08 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Feb 25 14:15:28 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9b0381b0
add init_daemon_lock_file() needed for ntp policy/modules/system/init.if | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 1b26cf5e..4a36e12a 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -512,6 +512,39 @@ interface(`init_daemon_pid_file',`
 ########################################
 ## <summary>
+## Mark the file type as a daemon lock file, allowing initrc_t
+## to create it
+## </summary>
+## <param name="filetype">
+## <summary>
+## Type to mark as a daemon lock file
+## </summary>
+## </param>
+## <param name="class">
+## <summary>
+## Class on which the type is applied
+## </summary>
+## </param>
+## <param name="filename">
+## <summary>
+## Filename of the file that the init script creates
+## </summary>
+## </param>
+#
+interface(`init_daemon_lock_file',`
+ gen_require(`
+ type initrc_t;
+ ')
+
+ files_lock_file($1)
+ files_lock_filetrans(initrc_t, $1, $2, $3)
+
+ allow initrc_t $1:dir manage_dir_perms;
+ allow initrc_t $1:file manage_file_perms;
+')
+
+########################################
+## <summary>
 ## Mark the file type as a daemon run dir, allowing initrc_t
 ## to create it
 ## </summary>
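Review bot: The two trailing rules in `init_daemon_lock_file`, `allow initrc_t $1:dir manage_dir_perms;` and `allow initrc_t $1:file manage_file_perms;`, are granted unconditionally, so initrc_t gets full manage access to both directories and files of the type whatever class the caller passes as `$2` to `files_lock_filetrans`. For a caller that only needs a lock file the directory rule is more than least privilege requires, and for any other class (for example `lnk_file`) the transition is set up with no matching allow rule. If both grants are intended, the summary should say so, e.g. `## Mark the file type as a daemon lock file, allowing initrc_t to create it and to manage files and directories of that type`; otherwise consider keeping only the rule that matches the class callers actually use. The `filename` param is presumably optional as the last argument of the filetrans call, which the doc block does not state.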
