Some policy modules define file contexts in /bin, /sbin and /lib without
defining similar file contexts in the same directory under /usr.
Add these missing file contexts when there are outside ifdef blocks.
Remove file context aliases and update file context paths to use the /run filesystem path.
Add backward compatibility file context alias for /var/run using applications like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783321
Lock files are still seated at /var/lock
Only for services that already have a named init script.
Add rules to init_startstop_service(), with conditional arg until
all of refpolicy-contrib callers are updated.
udevadm wants to create files in /run/udev/data. It writes to udev_tbl_t
directories
udev_t runs udisks-lvm-pv-export with a domain transition to lvm_t
udev: remove compromise_kernel capability2 av perm as its currently not
supported in reference policy
udev: udevadm managing udev_tbl_t symbolic links (/run/udev/watch/6)
udev: udevd manages control udev_tbl_t type socket
udev: udevd manages udev_tbl_t directories
named files pid filetrans for /run/udev directory
udev: lets just label /run/udev type udev_var_run_t and get it over with
udev: make the files_pid_filetrans more specific because it appears that
udev also creates directories in /run that we dont want to have created
with type udev_var_run_t (/run/avahi-daemon in Debian)
udev: udev-acl.ck uses dbus system bus fds
udev: sends dbus message to consolekit manager:
OpenSessionWithParameters
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Nicolas Iooss
cgzones
Chris PeBenito
Dominick Grift