diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 7fa8309..cf82911 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -58,6 +58,14 @@ ##
+## Example: +##
+##+## type myfile_t; +## files_type(myfile_t) +## allow mydomain_t myfile_t:file read_file_perms; +##
## ## ##+## Make the specified type usable for runtime process ID files, +## typically found in /var/run. +## This will also make the type usable for files, making +## calls to files_type() redundant. Failure to use this interface +## for a PID file type may result in problems with starting +## or stopping services. +##
+##+## Related interfaces: +##
+##+## Example usage with a domain that can create and +## write its PID file with a private PID file type in the +## /var/run directory: +##
+##+## type mypidfile_t; +## files_pid_file(mypidfile_t) +## allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms }; +## files_pid_filetrans(mydomain_t, mypidfile_t, file) +##
+##+## Make the specified type usable for configuration files. +## This will also make the type usable for files, making +## calls to files_type() redundant. Failure to use this interface +## for a temporary file may result in problems with +## configuration management tools. +##
+##+## Example usage with a domain that can read +## its configuration file /etc: +##
+##+## type myconffile_t; +## files_config_file(myconffile_t) +## allow mydomain_t myconffile_t:file read_file_perms; +## files_search_etc(mydomain_t) +##
+##+## Make the specified type usable for temporary files. +## This will also make the type usable for files, making +## calls to files_type() redundant. Failure to use this interface +## for a temporary file may result in problems with +## purging temporary files. +##
+##+## Related interfaces: +##
+##+## Example usage with a domain that can create and +## write its temporary file in the system temporary file +## directories (/tmp or /var/tmp): +##
+##+## type mytmpfile_t; +## files_tmp_file(mytmpfile_t) +## allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms }; +## files_tmp_filetrans(mydomain_t, mytmpfile_t, file) +##
+##+## Allow the specified domain to read dynamically created +## configuration files in /etc. These files are typically +## general system configuration files that do +## not have more specific SELinux types. Some +## examples of these files are: +##
+##+## This interface does not include access to /etc/shadow. +##
+##+## Allow the specified domain to read generic +## files in /usr. These files are various program +## files that do not have more specific SELinux types. +## Some examples of these files are: +##
+##+## Generally, it is safe for many domains to have +## this access. +##
+##+## Search the /var/lib directory. This is +## necessary to access files or directories under +## /var/lib that have a private type. For example, a +## domain accessing a private library file in the +## /var/lib directory: +##
+##+## allow mydomain_t mylibfile_t:file read_file_perms; +## files_search_var_lib(mydomain_t) +##
+##+## Create an object in the process ID directory (e.g., /var/run) +## with a private type. Typically this is used for creating +## private PID files in /var/run with the private type instead +## of the general PID file type. To accomplish this goal, +## either the program must be SELinux-aware, or use this interface. +##
+##+## Related interfaces: +##
+##+## Example usage with a domain that can create and +## write its PID file with a private PID file type in the +## /var/run directory: +##
+##+## type mypidfile_t; +## files_pid_file(mypidfile_t) +## allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms }; +## files_pid_filetrans(mydomain_t, mypidfile_t, file) +##
+##