Update files_manage_generic_locks with directory permissions

Currently, the files_manage_generic_locks only handles the lock files. If a
domain needs to manage both lock files and the lock directories (like specific
subdirectories in /var/lock that are not owned by a single other domain, such as
Gentoo's /var/lock/subsys location) it also needs the manage permissions on the
directory.

This is to support OpenRC's migration of /var/lock to /run/lock which otherwise
fails:

* Migrating /var/lock to /run/lock
cp: cannot create directory '/run/lock/subsys': Permission denied
rm: cannot remove '/var/lock/subsys': Permission denied

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Sven Vermeulen 2012-10-30 22:51:56 +01:00 committed by Chris PeBenito
parent da69156a54
commit d981fce3e1

@ -5818,6 +5818,7 @@ interface(`files_manage_generic_locks',`
allow $1 var_t:dir search_dir_perms;
allow $1 var_lock_t:lnk_file read_lnk_file_perms;
manage_dirs_pattern($1, var_lock_t, var_lock_t)
manage_files_pattern($1, var_lock_t, var_lock_t)
')
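
Review bot: the manage_dirs_pattern($1, var_lock_t, var_lock_t) line widens files_manage_generic_locks for every domain that already calls it, not only the one performing the /var/lock to /run/lock migration named in the commit message. Each caller gains the ability to create, remove and rename var_lock_t directories. Consider putting the directory permission in a separate interface that only the migrating domain calls. If it stays here, the interface's summary documentation (not part of this hunk) should be updated to say it now covers lock directories as well as lock files, so that callers can see what they are granting.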