diff --git a/policy/modules/services/aisexec.if b/policy/modules/services/aisexec.if
index 58acae2..7fb41c2 100644
--- a/policy/modules/services/aisexec.if
+++ b/policy/modules/services/aisexec.if
@@ -1,4 +1,4 @@
-## <summary>SELinux policy for Aisexec Cluster Engine</summary>
+## <summary>Aisexec Cluster Engine</summary>
########################################
## <summary>
diff --git a/policy/modules/services/aisexec.te b/policy/modules/services/aisexec.te
index 1b0bba7..22f2004 100644
--- a/policy/modules/services/aisexec.te
+++ b/policy/modules/services/aisexec.te
@@ -13,22 +13,18 @@ init_daemon_domain(aisexec_t, aisexec_exec_t)
type aisexec_initrc_exec_t;
init_script_file(aisexec_initrc_exec_t);
-# tmp files
type aisexec_tmp_t;
files_tmp_file(aisexec_tmp_t)
type aisexec_tmpfs_t;
files_tmpfs_file(aisexec_tmpfs_t)
-# var/lib files
type aisexec_var_lib_t;
files_type(aisexec_var_lib_t)
-# log files
type aisexec_var_log_t;
logging_log_file(aisexec_var_log_t)
-# pid files
type aisexec_var_run_t;
files_pid_file(aisexec_var_run_t)
@@ -45,7 +41,6 @@ allow aisexec_t self:unix_stream_socket { create_stream_socket_perms connectto }
allow aisexec_t self:unix_dgram_socket create_socket_perms;
allow aisexec_t self:udp_socket create_socket_perms;
-# tmp files
manage_dirs_pattern(aisexec_t, aisexec_tmp_t, aisexec_tmp_t)
manage_files_pattern(aisexec_t, aisexec_tmp_t, aisexec_tmp_t)
files_tmp_filetrans(aisexec_t, aisexec_tmp_t, { file dir })
@@ -54,18 +49,15 @@ manage_dirs_pattern(aisexec_t, aisexec_tmpfs_t, aisexec_tmpfs_t)
manage_files_pattern(aisexec_t, aisexec_tmpfs_t, aisexec_tmpfs_t)
fs_tmpfs_filetrans(aisexec_t, aisexec_tmpfs_t, { dir file })
-# var/lib files
manage_files_pattern(aisexec_t, aisexec_var_lib_t, aisexec_var_lib_t)
manage_dirs_pattern(aisexec_t, aisexec_var_lib_t, aisexec_var_lib_t)
manage_sock_files_pattern(aisexec_t, aisexec_var_lib_t, aisexec_var_lib_t)
files_var_lib_filetrans(aisexec_t, aisexec_var_lib_t, { file dir sock_file })
-# log files
manage_files_pattern(aisexec_t, aisexec_var_log_t, aisexec_var_log_t)
manage_sock_files_pattern(aisexec_t, aisexec_var_log_t, aisexec_var_log_t)
logging_log_filetrans(aisexec_t,aisexec_var_log_t,{ sock_file file })
-# pid file
manage_files_pattern(aisexec_t, aisexec_var_run_t, aisexec_var_run_t)
manage_sock_files_pattern(aisexec_t, aisexec_var_run_t, aisexec_var_run_t)
files_pid_filetrans(aisexec_t, aisexec_var_run_t, { file sock_file })
@@ -86,9 +78,6 @@ auth_use_nsswitch(aisexec_t)
init_rw_script_tmp_files(aisexec_t)
-libs_use_ld_so(aisexec_t)
-libs_use_shared_libs(aisexec_t)
-
logging_send_syslog_msg(aisexec_t)
miscfiles_read_localization(aisexec_t)
@@ -99,17 +88,13 @@ optional_policy(`
optional_policy(`
# to communication with RHCS
- dlm_controld_manage_tmpfs_files(aisexec_t)
- dlm_controld_rw_semaphores(aisexec_t)
+ rhcs_rw_dlm_controld_semaphores(aisexec_t)
- fenced_manage_tmpfs_files(aisexec_t)
- fenced_rw_semaphores(aisexec_t)
+ rhcs_rw_fenced_semaphores(aisexec_t)
- gfs_controld_manage_tmpfs_files(aisexec_t)
- gfs_controld_rw_semaphores(aisexec_t)
- gfs_controld_t_rw_shm(aisexec_t)
+ rhcs_rw_gfs_controld_semaphores(aisexec_t)
+ rhcs_rw_gfs_controld_shm(aisexec_t)
- groupd_manage_tmpfs_files(aisexec_t)
- groupd_rw_semaphores(aisexec_t)
- groupd_rw_shm(aisexec_t)
+ rhcs_rw_groupd_semaphores(aisexec_t)
+ rhcs_rw_groupd_shm(aisexec_t)
')
diff --git a/policy/modules/services/corosync.if b/policy/modules/services/corosync.if
index 64f4ff9..3626db1 100644
--- a/policy/modules/services/corosync.if
+++ b/policy/modules/services/corosync.if
@@ -1,4 +1,4 @@
-## <summary>SELinux policy for Corosync Cluster Engine</summary>
+## <summary>Corosync Cluster Engine</summary>
########################################
## <summary>
diff --git a/policy/modules/services/corosync.te b/policy/modules/services/corosync.te
index ddccc21..ad8d017 100644
--- a/policy/modules/services/corosync.te
+++ b/policy/modules/services/corosync.te
@@ -13,22 +13,18 @@ init_daemon_domain(corosync_t, corosync_exec_t)
type corosync_initrc_exec_t;
init_script_file(corosync_initrc_exec_t);
-# tmp files
type corosync_tmp_t;
files_tmp_file(corosync_tmp_t)
type corosync_tmpfs_t;
files_tmpfs_file(corosync_tmpfs_t)
-# var/lib files
type corosync_var_lib_t;
files_type(corosync_var_lib_t)
-# log files
type corosync_var_log_t;
logging_log_file(corosync_var_log_t)
-# pid files
type corosync_var_run_t;
files_pid_file(corosync_var_run_t)
@@ -46,7 +42,6 @@ allow corosync_t self:unix_stream_socket { create_stream_socket_perms connectto
allow corosync_t self:unix_dgram_socket create_socket_perms;
allow corosync_t self:udp_socket create_socket_perms;
-# tmp files
manage_dirs_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t)
manage_files_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t)
files_tmp_filetrans(corosync_t, corosync_tmp_t, { file dir })
@@ -55,18 +50,15 @@ manage_dirs_pattern(corosync_t, corosync_tmpfs_t, corosync_tmpfs_t)
manage_files_pattern(corosync_t, corosync_tmpfs_t, corosync_tmpfs_t)
fs_tmpfs_filetrans(corosync_t, corosync_tmpfs_t,{ dir file })
-# var/lib files
manage_files_pattern(corosync_t, corosync_var_lib_t, corosync_var_lib_t)
manage_dirs_pattern(corosync_t, corosync_var_lib_t, corosync_var_lib_t)
manage_sock_files_pattern(corosync_t, corosync_var_lib_t, corosync_var_lib_t)
files_var_lib_filetrans(corosync_t, corosync_var_lib_t, { file dir sock_file })
-# log files
manage_files_pattern(corosync_t, corosync_var_log_t, corosync_var_log_t)
manage_sock_files_pattern(corosync_t, corosync_var_log_t, corosync_var_log_t)
logging_log_filetrans(corosync_t, corosync_var_log_t, { sock_file file })
-# pid file
manage_files_pattern(corosync_t, corosync_var_run_t, corosync_var_run_t)
manage_sock_files_pattern(corosync_t, corosync_var_run_t, corosync_var_run_t)
files_pid_filetrans(corosync_t, corosync_var_run_t, { file sock_file })
@@ -100,14 +92,11 @@ optional_policy(`
optional_policy(`
# to communication with RHCS
- dlm_controld_manage_tmpfs_files(corosync_t)
- dlm_controld_rw_semaphores(corosync_t)
+ rhcs_rw_dlm_controld_semaphores(corosync_t)
- fenced_manage_tmpfs_files(corosync_t)
- fenced_rw_semaphores(corosync_t)
+ rhcs_rw_fenced_semaphores(corosync_t)
- gfs_controld_manage_tmpfs_files(corosync_t)
- gfs_controld_rw_semaphores(corosync_t)
+ rhcs_rw_gfs_controld_semaphores(corosync_t)
')
optional_policy(`
diff --git a/policy/modules/services/rgmanager.if b/policy/modules/services/rgmanager.if
index c220b3d..4504355 100644
--- a/policy/modules/services/rgmanager.if
+++ b/policy/modules/services/rgmanager.if
@@ -1,4 +1,4 @@
-## <summary>SELinux policy for rgmanager</summary>
+## <summary>rgmanager - Resource Group Manager</summary>
#######################################
## <summary>
@@ -19,24 +19,6 @@ interface(`rgmanager_domtrans',`
domtrans_pattern($1, rgmanager_exec_t, rgmanager_t)
')
-#######################################
-## <summary>
-## Allow read and write access to rgmanager semaphores.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`rgmanager_rw_semaphores',`
- gen_require(`
- type rgmanager_t;
- ')
-
- allow $1 rgmanager_t:sem rw_sem_perms;
-')
-
########################################
## <summary>
## Connect to rgmanager over an unix stream socket.
diff --git a/policy/modules/services/rgmanager.te b/policy/modules/services/rgmanager.te
index 419da00..4bba0fb 100644
--- a/policy/modules/services/rgmanager.te
+++ b/policy/modules/services/rgmanager.te
@@ -18,18 +18,15 @@ type rgmanager_exec_t;
domain_type(rgmanager_t)
init_daemon_domain(rgmanager_t, rgmanager_exec_t)
-# tmp files
type rgmanager_tmp_t;
files_tmp_file(rgmanager_tmp_t)
type rgmanager_tmpfs_t;
files_tmpfs_file(rgmanager_tmpfs_t)
-# log files
type rgmanager_var_log_t;
logging_log_file(rgmanager_var_log_t)
-# pid files
type rgmanager_var_run_t;
files_pid_file(rgmanager_var_run_t)
@@ -48,7 +45,6 @@ allow rgmanager_t self:unix_stream_socket { create_stream_socket_perms };
allow rgmanager_t self:unix_dgram_socket create_socket_perms;
allow rgmanager_t self:tcp_socket create_stream_socket_perms;
-# tmp files
manage_dirs_pattern(rgmanager_t, rgmanager_tmp_t, rgmanager_tmp_t)
manage_files_pattern(rgmanager_t, rgmanager_tmp_t, rgmanager_tmp_t)
files_tmp_filetrans(rgmanager_t, rgmanager_tmp_t, { file dir })
@@ -57,11 +53,9 @@ manage_dirs_pattern(rgmanager_t, rgmanager_tmpfs_t, rgmanager_tmpfs_t)
manage_files_pattern(rgmanager_t, rgmanager_tmpfs_t, rgmanager_tmpfs_t)
fs_tmpfs_filetrans(rgmanager_t, rgmanager_tmpfs_t,{ dir file })
-# log files
manage_files_pattern(rgmanager_t, rgmanager_var_log_t, rgmanager_var_log_t)
logging_log_filetrans(rgmanager_t, rgmanager_var_log_t, { file })
-# pid file
manage_files_pattern(rgmanager_t, rgmanager_var_run_t, rgmanager_var_run_t)
manage_sock_files_pattern(rgmanager_t, rgmanager_var_run_t, rgmanager_var_run_t)
files_pid_filetrans(rgmanager_t, rgmanager_var_run_t, { file sock_file })
@@ -103,9 +97,6 @@ auth_read_all_files_except_shadow(rgmanager_t)
auth_dontaudit_getattr_shadow(rgmanager_t)
auth_use_nsswitch(rgmanager_t)
-libs_use_ld_so(rgmanager_t)
-libs_use_shared_libs(rgmanager_t)
-
logging_send_syslog_msg(rgmanager_t)
miscfiles_read_localization(rgmanager_t)
@@ -132,7 +123,7 @@ optional_policy(`
')
optional_policy(`
- groupd_stream_connect(rgmanager_t)
+ rhcs_stream_connect_groupd(rgmanager_t)
')
optional_policy(`
@@ -142,7 +133,7 @@ optional_policy(`
optional_policy(`
ccs_manage_config(rgmanager_t)
ccs_stream_connect(rgmanager_t)
- gfs_controld_stream_connect(rgmanager_t)
+ rhcs_stream_connect_gfs_controld(rgmanager_t)
')
optional_policy(`
diff --git a/policy/modules/services/rhcs.if b/policy/modules/services/rhcs.if
index 1516fcd..c9ce9ab 100644
--- a/policy/modules/services/rhcs.if
+++ b/policy/modules/services/rhcs.if
@@ -1,4 +1,4 @@
-## <summary>SELinux policy for RHCS - Red Hat Cluster Suite </summary>
+## <summary>RHCS - Red Hat Cluster Suite</summary>
#######################################
## <summary>
@@ -18,7 +18,7 @@ template(`rhcs_domain_template',`
##############################
#
- # $1_t declarations
+ # Declarations
#
type $1_t, cluster_domain;
@@ -28,17 +28,15 @@ template(`rhcs_domain_template',`
type $1_tmpfs_t;
files_tmpfs_file($1_tmpfs_t)
- # log files
type $1_var_log_t;
logging_log_file($1_var_log_t)
- # pid files
type $1_var_run_t;
files_pid_file($1_var_run_t)
##############################
#
- # $1_t local policy
+ # Local policy
#
manage_dirs_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
@@ -66,7 +64,7 @@ template(`rhcs_domain_template',`
## </summary>
## </param>
#
-interface(`dlm_controld_domtrans',`
+interface(`rhcs_domtrans_dlm_controld',`
gen_require(`
type dlm_controld_t, dlm_controld_exec_t;
')
@@ -86,7 +84,7 @@ interface(`dlm_controld_domtrans',`
## </summary>
## </param>
#
-interface(`dlm_controld_stream_connect',`
+interface(`rhcs_stream_connect_dlm_controld',`
gen_require(`
type dlm_controld_t, dlm_controld_var_run_t;
')
@@ -105,28 +103,12 @@ interface(`dlm_controld_stream_connect',`
## </summary>
## </param>
#
-interface(`dlm_controld_rw_semaphores',`
+interface(`rhcs_rw_dlm_controld_semaphores',`
gen_require(`
- type dlm_controld_t;
+ type dlm_controld_t, dlm_controld_tmpfs_t;
')
allow $1 dlm_controld_t:sem { rw_sem_perms destroy };
-')
-
-#####################################
-## <summary>
-## Manage dlm_controld tmpfs files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`dlm_controld_manage_tmpfs_files',`
- gen_require(`
- type dlm_controld_tmpfs_t;
- ')
fs_search_tmpfs($1)
manage_files_pattern($1, dlm_controld_tmpfs_t, dlm_controld_tmpfs_t)
@@ -142,7 +124,7 @@ interface(`dlm_controld_manage_tmpfs_files',`
## </summary>
## </param>
#
-interface(`fenced_domtrans',`
+interface(`rhcs_domtrans_fenced',`
gen_require(`
type fenced_t, fenced_exec_t;
')
@@ -161,12 +143,15 @@ interface(`fenced_domtrans',`
## </summary>
## </param>
#
-interface(`fenced_rw_semaphores',`
+interface(`rhcs_rw_fenced_semaphores',`
gen_require(`
- type fenced_t;
+ type fenced_t, fenced_tmpfs_t;
')
allow $1 fenced_t:sem { rw_sem_perms destroy };
+
+ fs_search_tmpfs($1)
+ manage_files_pattern($1, fenced_tmpfs_t, fenced_tmpfs_t)
')
######################################
@@ -179,7 +164,7 @@ interface(`fenced_rw_semaphores',`
## </summary>
## </param>
#
-interface(`fenced_stream_connect',`
+interface(`rhcs_stream_connect_fenced',`
gen_require(`
type fenced_var_run_t, fenced_t;
')
@@ -191,25 +176,6 @@ interface(`fenced_stream_connect',`
#####################################
## <summary>
-## Managed fenced tmpfs files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`fenced_manage_tmpfs_files',`
- gen_require(`
- type fenced_tmpfs_t;
- ')
-
- fs_search_tmpfs($1)
- manage_files_pattern($1, fenced_tmpfs_t, fenced_tmpfs_t)
-')
-
-#####################################
-## <summary>
## Execute a domain transition to run gfs_controld.
## </summary>
## <param name="domain">
@@ -218,7 +184,7 @@ interface(`fenced_manage_tmpfs_files',`
## </summary>
## </param>
#
-interface(`gfs_controld_domtrans',`
+interface(`rhcs_domtrans_gfs_controld',`
gen_require(`
type gfs_controld_t, gfs_controld_exec_t;
')
@@ -227,25 +193,6 @@ interface(`gfs_controld_domtrans',`
domtrans_pattern($1, gfs_controld_exec_t, gfs_controld_t)
')
-###################################
-## <summary>
-## Manage gfs_controld tmpfs files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gfs_controld_manage_tmpfs_files',`
- gen_require(`
- type gfs_controld_tmpfs_t;
- ')
-
- fs_search_tmpfs($1)
- manage_files_pattern($1, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
-')
-
####################################
## <summary>
## Allow read and write access to gfs_controld semaphores.
@@ -256,12 +203,15 @@ interface(`gfs_controld_manage_tmpfs_files',`
## </summary>
## </param>
#
-interface(`gfs_controld_rw_semaphores',`
+interface(`rhcs_rw_gfs_controld_semaphores',`
gen_require(`
- type gfs_controld_t;
+ type gfs_controld_t, gfs_controld_tmpfs_t;
')
allow $1 gfs_controld_t:sem { rw_sem_perms destroy };
+
+ fs_search_tmpfs($1)
+ manage_files_pattern($1, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
')
########################################
@@ -274,12 +224,15 @@ interface(`gfs_controld_rw_semaphores',`
## </summary>
## </param>
#
-interface(`gfs_controld_t_rw_shm',`
+interface(`rhcs_rw_gfs_controld_shm',`
gen_require(`
- type gfs_controld_t;
+ type gfs_controld_t, gfs_controld_tmpfs_t;
')
allow $1 gfs_controld_t:shm { rw_shm_perms destroy };
+
+ fs_search_tmpfs($1)
+ manage_files_pattern($1, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
')
#####################################
@@ -292,7 +245,7 @@ interface(`gfs_controld_t_rw_shm',`
## </summary>
## </param>
#
-interface(`gfs_controld_stream_connect',`
+interface(`rhcs_stream_connect_gfs_controld',`
gen_require(`
type gfs_controld_t, gfs_controld_var_run_t;
')
@@ -311,7 +264,7 @@ interface(`gfs_controld_stream_connect',`
## </summary>
## </param>
#
-interface(`groupd_domtrans',`
+interface(`rhcs_domtrans_groupd',`
gen_require(`
type groupd_t, groupd_exec_t;
')
@@ -331,7 +284,7 @@ interface(`groupd_domtrans',`
## </summary>
## </param>
#
-interface(`groupd_stream_connect',`
+interface(`rhcs_stream_connect_groupd',`
gen_require(`
type groupd_t, groupd_var_run_t;
')
@@ -350,12 +303,15 @@ interface(`groupd_stream_connect',`
## </summary>
## </param>
#
-interface(`groupd_rw_semaphores',`
+interface(`rhcs_rw_groupd_semaphores',`
gen_require(`
- type groupd_t;
+ type groupd_t, groupd_tmpfs_t;
')
allow $1 groupd_t:sem { rw_sem_perms destroy };
+
+ fs_search_tmpfs($1)
+ manage_files_pattern($1, groupd_tmpfs_t, groupd_tmpfs_t)
')
########################################
@@ -368,28 +324,12 @@ interface(`groupd_rw_semaphores',`
## </summary>
## </param>
#
-interface(`groupd_rw_shm',`
+interface(`rhcs_rw_groupd_shm',`
gen_require(`
- type groupd_t;
+ type groupd_t, groupd_tmpfs_t;
')
allow $1 groupd_t:shm { rw_shm_perms destroy };
-')
-
-#####################################
-## <summary>
-## Manage groupd tmpfs files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`groupd_manage_tmpfs_files',`
- gen_require(`
- type groupd_tmpfs_t;
- ')
fs_search_tmpfs($1)
manage_files_pattern($1, groupd_tmpfs_t, groupd_tmpfs_t)
@@ -405,7 +345,7 @@ interface(`groupd_manage_tmpfs_files',`
## </summary>
## </param>
#
-interface(`qdiskd_domtrans',`
+interface(`rhcs_domtrans_qdiskd',`
gen_require(`
type qdiskd_t, qdiskd_exec_t;
')
diff --git a/policy/modules/services/rhcs.te b/policy/modules/services/rhcs.te
index 3fa9819..9203e3b 100644
--- a/policy/modules/services/rhcs.te
+++ b/policy/modules/services/rhcs.te
@@ -22,7 +22,6 @@ rhcs_domain_template(fenced)
type fenced_lock_t;
files_lock_file(fenced_lock_t)
-# tmp files
type fenced_tmp_t;
files_tmp_file(fenced_tmp_t)
@@ -32,7 +31,6 @@ rhcs_domain_template(groupd)
rhcs_domain_template(qdiskd)
-# var/lib files
type qdiskd_var_lib_t;
files_type(qdiskd_var_lib_t)
@@ -78,7 +76,6 @@ can_exec(fenced_t, fenced_exec_t)
manage_files_pattern(fenced_t, fenced_lock_t, fenced_lock_t)
files_lock_filetrans(fenced_t, fenced_lock_t, file)
-# tmp files
manage_dirs_pattern(fenced_t, fenced_tmp_t, fenced_tmp_t)
manage_files_pattern(fenced_t, fenced_tmp_t, fenced_tmp_t)
manage_fifo_files_pattern(fenced_t, fenced_tmp_t, fenced_tmp_t)
@@ -235,9 +232,6 @@ allow cluster_domain self:fifo_file rw_fifo_file_perms;
allow cluster_domain self:unix_stream_socket create_stream_socket_perms;
allow cluster_domain self:unix_dgram_socket create_socket_perms;
-libs_use_ld_so(cluster_domain)
-libs_use_shared_libs(cluster_domain)
-
logging_send_syslog_msg(cluster_domain)
miscfiles_read_localization(cluster_domain)
diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te
index c759445..feeefcb 100644
--- a/policy/modules/services/ricci.te
+++ b/policy/modules/services/ricci.te
@@ -11,19 +11,15 @@ type ricci_exec_t;
domain_type(ricci_t)
init_daemon_domain(ricci_t, ricci_exec_t)
-# tmp files
type ricci_tmp_t;
files_tmp_file(ricci_tmp_t)
-# var/lib files
type ricci_var_lib_t;
files_type(ricci_var_lib_t)
-# log files
type ricci_var_log_t;
logging_log_file(ricci_var_log_t)
-# pid files
type ricci_var_run_t;
files_pid_file(ricci_var_run_t)
@@ -33,15 +29,12 @@ domain_type(ricci_modcluster_t)
domain_entry_file(ricci_modcluster_t, ricci_modcluster_exec_t)
role system_r types ricci_modcluster_t;
-# var/lib files
type ricci_modcluster_var_lib_t;
files_type(ricci_modcluster_var_lib_t)
-# log files
type ricci_modcluster_var_log_t;
logging_log_file(ricci_modcluster_var_log_t)
-# pid files
type ricci_modcluster_var_run_t;
files_pid_file(ricci_modcluster_var_run_t)
@@ -94,24 +87,20 @@ domain_auto_trans(ricci_t, ricci_modrpm_exec_t, ricci_modrpm_t)
domain_auto_trans(ricci_t, ricci_modservice_exec_t, ricci_modservice_t)
domain_auto_trans(ricci_t, ricci_modstorage_exec_t, ricci_modstorage_t)
-# tmp file
manage_dirs_pattern(ricci_t, ricci_tmp_t, ricci_tmp_t)
manage_files_pattern(ricci_t, ricci_tmp_t, ricci_tmp_t)
files_tmp_filetrans(ricci_t, ricci_tmp_t, { file dir })
-# var/lib files for ricci
manage_dirs_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
manage_files_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
manage_sock_files_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
files_var_lib_filetrans(ricci_t, ricci_var_lib_t, { file dir sock_file })
-# log files
allow ricci_t ricci_var_log_t:dir setattr;
manage_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
manage_sock_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
logging_log_filetrans(ricci_t, ricci_var_log_t, { sock_file file dir })
-# pid file
manage_files_pattern(ricci_t, ricci_var_run_t, ricci_var_run_t)
manage_sock_files_pattern(ricci_t, ricci_var_run_t, ricci_var_run_t)
files_pid_filetrans(ricci_t, ricci_var_run_t, { file sock_file })
@@ -277,13 +266,11 @@ allow ricci_modclusterd_t self:socket create_socket_perms;
allow ricci_modclusterd_t ricci_modcluster_t:unix_stream_socket connectto;
allow ricci_modclusterd_t ricci_modcluster_t:fifo_file rw_file_perms;
-# log files
allow ricci_modclusterd_t ricci_modcluster_var_log_t:dir setattr;
manage_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
manage_sock_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
logging_log_filetrans(ricci_modclusterd_t, ricci_modcluster_var_log_t, { sock_file file dir })
-# pid file
manage_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t)
manage_sock_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t)
files_pid_filetrans(ricci_modclusterd_t, ricci_modcluster_var_run_t, { file sock_file })