Introduce init_daemon_run_dir transformation
Due to the introduction of /run, many init scripts need to create the daemon run dirs (such as /run/udev for the udev init script). To simplify this, we introduce the "daemonrundir" attribute to which initrc_t has the necessary create_dirs_perms granted. Because it often needs to change the attributes or ownership of the directories as well, we also grant the setattr rights on the directory.

Then, when needed, the modules can call this interface while adding the name of the directory. This will trigger a named file transition when initrc_t creates this directory:

init_daemon_run_dir(udev_var_run_t, "udev")

will trigger

files_pid_filetrans(initrc_t, udev_var_run_t, dir, "udev")

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
parent c1880113bc
commit dc663fe40a
|
@ -415,6 +415,33 @@ interface(`init_ranged_system_domain',`
|
|||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Mark the file type as a daemon run dir, allowing initrc_t
|
||||
## to create it
|
||||
## </summary>
|
||||
## <param name="filetype">
|
||||
## <summary>
|
||||
## Type to mark as a daemon run dir
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="filename">
|
||||
## <summary>
|
||||
## Filename of the directory that the init script creates
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`init_daemon_run_dir',`
|
||||
gen_require(`
|
||||
attribute daemonrundir;
|
||||
type initrc_t;
|
||||
')
|
||||
|
||||
typeattribute $1 daemonrundir;
|
||||
|
||||
files_pid_filetrans(initrc_t, $1, dir, $2)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute init (/sbin/init) with a domain transition.
|
||||
|
|
|
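Review bot: The summary for init_daemon_run_dir says only "allowing initrc_t to create it", but the body also installs a named type transition with files_pid_filetrans(initrc_t, $1, dir, $2), and that is the part callers most need to understand. Suggest the summary mention the transition, and the filename parameter description state that it is the quoted directory name matched when initrc_t creates that directory in the pid directory, as in the "udev" example from the commit message. The interface assigns the attribute with typeattribute $1 daemonrundir but does not itself declare $1 as a pid file type, so the filetype parameter description should say whether the caller is expected to have done that first.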
@ -29,6 +29,9 @@ attribute init_run_all_scripts_domain;
|
|||
# Mark process types as daemons
|
||||
attribute daemon;
|
||||
|
||||
# Mark file type as a daemon run directory
|
||||
attribute daemonrundir;
|
||||
|
||||
#
|
||||
# init_t is the domain of the init process.
|
||||
#
|
||||
|
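Review bot: The comment above attribute daemonrundir describes it as a marker only, while the rest of this patch writes initrc_t's create and setattr directory rules against it, so every type that receives the attribute widens what initrc_t may do. Suggest the comment say that the attribute grants initrc_t create and setattr on directories of the marked types, and that types should receive it through init_daemon_run_dir rather than through a direct typeattribute statement, so the attribute and the named transition stay paired.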
@ -242,6 +245,9 @@ init_telinit(initrc_t)
|
|||
|
||||
can_exec(initrc_t, init_script_file_type)
|
||||
|
||||
create_dirs_pattern(initrc_t, daemonrundir, daemonrundir)
|
||||
setattr_dirs_pattern(initrc_t, daemonrundir, daemonrundir)
|
||||
|
||||
domtrans_pattern(init_run_all_scripts_domain, initrc_exec_t, initrc_t)
|
||||
|
||||
manage_dirs_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
||||
|
|
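Review bot: Both added rules pass daemonrundir as the containing-directory argument as well as the target, in create_dirs_pattern(initrc_t, daemonrundir, daemonrundir) and setattr_dirs_pattern(initrc_t, daemonrundir, daemonrundir). The use case in the commit message is creating the directory directly under /run, and the parent-side access for that already comes from files_pid_filetrans in the new interface. Please confirm that letting initrc_t add directory entries inside every daemon run dir is intended; if only the top-level directory is needed, a plain allow rule on daemonrundir:dir with the create and setattr permission sets would be narrower. A short comment above these two lines explaining why they are keyed on the attribute would also help, since the surrounding rules are all written against initrc_t's own types.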