From 829b252cdc41e4f95e132fde55d7260b652100f2 Mon Sep 17 00:00:00 2001
From: Sven Vermeulen
Date: Mon, 17 Dec 2012 10:42:44 +0100
Subject: [PATCH] lvscan creates the /run/lock/lvm directory if nonexisting (v2)

If the /run/lock/lvm directory doesn't exist yet, running any of the LVM tools (like lvscan) will create this directory. Introduce a named file transition for the lock location when a directory named "lvm" is created and grant the necessary rights to create the directory.

Signed-off-by: Sven Vermeulen
---
 policy/modules/system/lvm.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index f8eeecd9d..a712d850e 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -192,7 +192,9 @@ can_exec(lvm_t, lvm_exec_t)
 # Creating lock files
 manage_files_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
+create_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
 files_lock_filetrans(lvm_t, lvm_lock_t, file)
+files_lock_filetrans(lvm_t, lvm_lock_t, dir, "lvm")
 manage_dirs_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
 manage_files_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
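Review bot: The comment `# Creating lock files` above these rules no longer describes what they allow, because the two added lines also let lvm_t create the lock directory itself; I would reword it to `# Creating lock files, and the "lvm" lock directory when /run/lock/lvm does not exist yet`. The named transition in `files_lock_filetrans(lvm_t, lvm_lock_t, dir, "lvm")` only takes effect when a directory called exactly "lvm" is created, so a directory that already exists under another label is not corrected by it; it is worth confirming that the module's file contexts (not visible in this hunk) label /run/lock/lvm as lvm_lock_t so that a relabel agrees with the transition. As I read the macro, `create_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t)` also permits creating nested lvm_lock_t directories inside an lvm_lock_t directory, which is a little more than the commit message asks for; if only the top-level directory is needed, `allow lvm_t lvm_lock_t:dir create_dir_perms;` would be the narrower grant.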