commit: 5164572d4f1c9c12bcad411349ee23f196dcc524 Author: Luis Ressel <aranea <AT> aixah <DOT> de> AuthorDate: Mon May 8 18:24:30 2017 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Thu May 18 17:01:53 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5164572d
chronyd: Allow init scripts to create /run/chrony Remark: So far, chronyd.fc only contains /run/chronyd, but chrony's default location is actually /run/chrony, so I've added that to the fc. This commit also fixes a bug in the fc: It said (/.*) instead of (/.*)? policy/modules/contrib/chronyd.fc | 2 +- policy/modules/contrib/chronyd.te | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/chronyd.fc b/policy/modules/contrib/chronyd.fc
index 94b601fd..ca2747e7 100644
--- a/policy/modules/contrib/chronyd.fc
+++ b/policy/modules/contrib/chronyd.fc
@@ -14,7 +14,7 @@
 /var/log/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_log_t,s0)
-/run/chronyd(/.*) gen_context(system_u:object_r:chronyd_var_run_t,s0)
+/run/chronyd?(/.*)? gen_context(system_u:object_r:chronyd_var_run_t,s0)
 /run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0)
 /run/chronyd\.sock -s gen_context(system_u:object_r:chronyd_var_run_t,s0)
diff --git a/policy/modules/contrib/chronyd.te b/policy/modules/contrib/chronyd.te
index 3e9a1c5b..62ddd0bf 100644
--- a/policy/modules/contrib/chronyd.te
+++ b/policy/modules/contrib/chronyd.te
@@ -28,7 +28,7 @@ type chronyd_var_log_t;
 logging_log_file(chronyd_var_log_t)
 type chronyd_var_run_t;
-files_pid_file(chronyd_var_run_t)
+init_daemon_pid_file(chronyd_var_run_t, dir, "chrony")
 ########################################
 #
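Review bot: In chronyd.fc the new entry `/run/chronyd?(/.*)?` packs two directories into one regex, and nothing on the line says the `d?` is deliberate, so it is easy to misread as a typo of the path the file listed before. A comment above it, e.g. `# /run/chrony is chrony's default runtime dir; /run/chronyd is the path this file listed previously`, would record why both carry chronyd_var_run_t. Two explicit entries, `/run/chrony(/.*)?` and `/run/chronyd(/.*)?`, would also be easier to grep when auditing which paths receive the type.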
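Review bot: The new `init_daemon_pid_file(chronyd_var_run_t, dir, "chrony")` call in chronyd.te names only the directory `chrony`, while the chronyd.fc entry in this same commit labels both /run/chrony and /run/chronyd as chronyd_var_run_t. If an init script still creates /run/chronyd, that directory would presumably keep the default label for /run until it is relabelled, so the daemon's access to it would not match what the fc promises. Either add a matching line, `init_daemon_pid_file(chronyd_var_run_t, dir, "chronyd")`, or add a comment such as `# init scripts only create the default /run/chrony` so the asymmetry is visibly intended. The macro's definition is outside the hunk, so confirm it still declares the type as a pid file the way the removed `files_pid_file` call did.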
