From: sven.vermeulen@siphos.be (Sven Vermeulen)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH v3 2/3] Use the init_daemon_run_dir interface for udev
Date: Tue, 14 Aug 2012 19:28:46 +0200 [thread overview]
Message-ID: <20120814172845.GC10055@siphos.be> (raw)
In-Reply-To: <20120814172720.GA10055@siphos.be>
Use the init_daemon_run_dir interface in order to allow initrc_t to create the
run dirs of the udev daemon with the proper file transition.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
policy/modules/system/init.te | 1 -
policy/modules/system/udev.if | 9 +++------
policy/modules/system/udev.te | 1 +
3 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index bf167d5..eb236c3 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -834,7 +834,6 @@ optional_policy(`
optional_policy(`
udev_rw_db(initrc_t)
- udev_generic_pid_filetrans_run_dirs(initrc_t, "udev")
udev_manage_pid_files(initrc_t)
udev_manage_pid_dirs(initrc_t)
udev_manage_rules_files(initrc_t)
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
index 77a13a5..951fd25 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -263,7 +263,8 @@ interface(`udev_manage_pid_dirs',`
########################################
## <summary>
-## Create directories in the run location with udev_var_run_t type
+## Create directories in the run location with udev_var_run_t type.
+## This method is deprecated in favor of the init_daemon_run_dir interface.
## </summary>
## <param name="domain">
## <summary>
@@ -277,11 +278,7 @@ interface(`udev_manage_pid_dirs',`
## </param>
#
interface(`udev_generic_pid_filetrans_run_dirs',`
- gen_require(`
- type udev_var_run_t;
- ')
-
- files_pid_filetrans($1, udev_var_run_t, dir, $2)
+ refpolicywarn(`$0($*) has been deprecated, please use init_daemon_run_dir instead.')
')
########################################
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index ee6b046..41459ec 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -25,6 +25,7 @@ files_type(udev_rules_t)
type udev_var_run_t;
files_pid_file(udev_var_run_t)
+init_daemon_run_dir(udev_var_run_t, "udev")
ifdef(`enable_mcs',`
kernel_ranged_domtrans_to(udev_t, udev_exec_t, s0 - mcs_systemhigh)
--
1.7.8.6
next prev parent reply other threads:[~2012-08-14 17:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-14 17:27 [refpolicy] [PATCH v3 0/3] Support /run/* creation for initrc_t Sven Vermeulen
2012-08-14 17:28 ` [refpolicy] [PATCH v3 1/3] Introduce init_daemon_run_dir transformation Sven Vermeulen
2012-08-16 11:25 ` Sven Vermeulen
2012-08-23 13:19 ` Christopher J. PeBenito
2012-08-14 17:28 ` Sven Vermeulen [this message]
2012-08-14 17:29 ` [refpolicy] [PATCH v3 3/3] Allow initrc_t to create run dirs for dbus, mysqld and tor Sven Vermeulen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120814172845.GC10055@siphos.be \
--to=sven.vermeulen@siphos.be \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.