Update files_manage_generic_locks with directory permissions
Currently, the files_manage_generic_locks only handles the lock files. If a domain needs to manage both lock files and the lock directories (like specific subdirectories in /var/lock that are not owned by a single other domain, such as Gentoo's /var/lock/subsys location) it also needs the manage permissions on the directory.

This is to support OpenRC's migration of /var/lock to /run/lock which otherwise fails:

    * Migrating /var/lock to /run/lock
    cp: cannot create directory '/run/lock/subsys': Permission denied
    rm: cannot remove '/var/lock/subsys': Permission denied

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
parent da69156a54
commit d981fce3e1
@ -5818,6 +5818,7 @@ interface(`files_manage_generic_locks',`
|
||||
|
||||
allow $1 var_t:dir search_dir_perms;
|
||||
allow $1 var_lock_t:lnk_file read_lnk_file_perms;
|
||||
manage_dirs_pattern($1, var_lock_t, var_lock_t)
|
||||
manage_files_pattern($1, var_lock_t, var_lock_t)
|
||||
')
|
||||
|
||||
|
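Review bot: the added manage_dirs_pattern($1, var_lock_t, var_lock_t) line widens files_manage_generic_locks for every existing caller, not only for the domain that performs the OpenRC migration: each caller gains create, rename and remove rights on var_lock_t directories in addition to the file permissions it already had. Consider putting the directory rule in a separate interface that only the migrating domain calls, or, if the broader grant is intended, updating the interface summary (outside the context shown here) to state that it manages lock directories as well as lock files, and checking the current callers against that wider scope.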