diff options
| author |   Luis Ressel <aranea@aixah.de> | 2017-05-08 20:24:30 +0200 |
|---|---|---|
| committer |   Sven Vermeulen <swift@gentoo.org> | 2017-05-18 19:01:53 +0200 |
| commit | 5164572d4f1c9c12bcad411349ee23f196dcc524 (patch) | |
| tree | 6ca25d4ec82c7573a1dd17b3d3b6793d3671fa84 | |
| parent | chronyd: Re-align fc file (diff) | |
| download | hardened-refpolicy-5164572d4f1c9c12bcad411349ee23f196dcc524.tar.gz hardened-refpolicy-5164572d4f1c9c12bcad411349ee23f196dcc524.tar.bz2 hardened-refpolicy-5164572d4f1c9c12bcad411349ee23f196dcc524.zip | |
chronyd: Allow init scripts to create /run/chrony
Remark: So far, chronyd.fc only contains /run/chronyd, but chrony's
default location is actually /run/chrony, so I've added that to the fc.
This commit also fixes a bug in the fc: It said (/.*) instead of (/.*)?
| -rw-r--r-- | policy/modules/contrib/chronyd.fc | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/chronyd.te | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/policy/modules/contrib/chronyd.fc b/policy/modules/contrib/chronyd.fc index 94b601fd5..ca2747e72 100644 --- a/policy/modules/contrib/chronyd.fc +++ b/policy/modules/contrib/chronyd.fc @@ -14,7 +14,7 @@ /var/log/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_log_t,s0) -/run/chronyd(/.*) gen_context(system_u:object_r:chronyd_var_run_t,s0) +/run/chronyd?(/.*)? gen_context(system_u:object_r:chronyd_var_run_t,s0) /run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0) /run/chronyd\.sock -s gen_context(system_u:object_r:chronyd_var_run_t,s0) diff --git a/policy/modules/contrib/chronyd.te b/policy/modules/contrib/chronyd.te index 3e9a1c5b8..62ddd0bf8 100644 --- a/policy/modules/contrib/chronyd.te +++ b/policy/modules/contrib/chronyd.te @@ -28,7 +28,7 @@ type chronyd_var_log_t; logging_log_file(chronyd_var_log_t) type chronyd_var_run_t; -files_pid_file(chronyd_var_run_t) +init_daemon_pid_file(chronyd_var_run_t, dir, "chrony") ######################################## # |