Introduce files_manage_all_pids interface

This interface will be used by domains that need to manage the various pidfile
content (*_var_run_t).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2012-10-30 22:51:54 +01:00 committed by Chris PeBenito
parent 44b2efbf78
commit 5751a33f27

View File

@ -6189,6 +6189,27 @@ interface(`files_dontaudit_getattr_all_pids',`
dontaudit $1 pidfile:file getattr;
')
########################################
## <summary>
## Create, read, write and delete all
## var_run (pid) content
## </summary>
## <param name="domain">
## <summary>
## Domain alloed access.
## </summary>
## </param>
#
interface(`files_manage_all_pids',`
gen_require(`
attribute pidfile;
')
manage_dirs_pattern($1, pidfile, pidfile)
manage_files_pattern($1, pidfile, pidfile)
manage_lnk_files_pattern($1, pidfile, pidfile)
')
########################################
## <summary>
## Do not audit attempts to write to daemon runtime data files.