From 599e8ff70251b4ea91e1a8c550e6101160430f3d Mon Sep 17 00:00:00 2001
From: Jeremy Solt
Date: Fri, 21 May 2010 12:19:32 -0400
Subject: [PATCH] Create type and allow squid to manage its own tmpfs files
---
 policy/modules/services/squid.te | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te
index 96d8cd5dc..8690bb69d 100644
--- a/policy/modules/services/squid.te
+++ b/policy/modules/services/squid.te
@@ -38,6 +38,9 @@ init_script_file(squid_initrc_exec_t)
 type squid_log_t;
 logging_log_file(squid_log_t)
+type squid_tmpfs_t;
+files_tmpfs_file(squid_tmpfs_t)
+
 type squid_var_run_t;
 files_pid_file(squid_var_run_t)
@@ -79,6 +82,10 @@ manage_files_pattern(squid_t, squid_log_t, squid_log_t)
 manage_lnk_files_pattern(squid_t, squid_log_t, squid_log_t)
 logging_log_filetrans(squid_t, squid_log_t, { file dir })
+#squid requires the following when run in diskd mode, the recommended setting
+manage_files_pattern(squid_t, squid_tmpfs_t, squid_tmpfs_t)
+fs_tmpfs_filetrans(squid_t, squid_tmpfs_t, { file })
+
 manage_files_pattern(squid_t, squid_var_run_t, squid_var_run_t)
 files_pid_filetrans(squid_t, squid_var_run_t, file)
@@ -127,8 +134,6 @@ dev_read_urand(squid_t)
 fs_getattr_all_fs(squid_t)
 fs_search_auto_mountpoints(squid_t)
-#squid requires the following when run in diskd mode, the recommended setting
-fs_rw_tmpfs_files(squid_t)
 fs_list_inotifyfs(squid_t)
 selinux_dontaudit_getattr_dir(squid_t)
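Review bot: In the second hunk (the `squid_tmpfs_t` rules added after `logging_log_filetrans`), the carried-over comment says only that diskd mode needs these rules and does not record why a private type now replaces the generic access, which is the security-relevant part of the change. I would reword it to something like `# diskd mode needs tmpfs files; label them squid_tmpfs_t so squid_t no longer needs rw access to generic tmpfs files`. As a style point, `{ file }` wraps a single class in a set while the adjacent `files_pid_filetrans(squid_t, squid_var_run_t, file)` passes bare `file`; `fs_tmpfs_filetrans(squid_t, squid_tmpfs_t, file)` would match. Because the third hunk drops `fs_rw_tmpfs_files(squid_t)`, tmpfs files squid created before this policy is loaded presumably keep their old label and would be denied until squid is restarted, so the rollout is worth checking for AVC denials after the module is loaded.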