On 3/8/19 6:18 PM, Russell Coker wrote:
typealias screen_runtime_t alias screen_var_run_t;
type vmware_host_pid_t alias vmware_var_run_t;
typealias boot_t alias bootloader_run_t;
typealias acpid_var_run_t alias apmd_var_run_t;
type arpwatch_pid_t alias arpwatch_var_run_t;
type lircd_var_run_t alias lircd_sock_t;
type munin_var_run_t alias lrrd_var_run_t;
typealias samba_var_run_t alias { nmbd_var_run_t smbd_var_run_t };
typealias vnstatd_pid_t alias vnstatd_var_run_t;
typealias exim_pid_t alias exim_var_run_t;
typealias irqbalance_pid_t alias irqbalance_var_run_t;
typealias ntpd_pid_t alias ntpd_var_run_t;
type policykit_var_run_t alias polkit_var_run_t;
typealias clamd_var_run_t alias clamd_sock_t;
type getty_runtime_t alias getty_var_run_t;
typealias mount_runtime_t alias mount_var_run_t;
iptables_runtime_t alias iptables_var_run_t;
type mdadm_var_run_t alias mdadm_map_t;
typealias restorecond_run_t alias restorecond_var_run_t;

We have the above aliases in the current git policy. The current type names include *_pid_t, *_var_run_t, and *_runtime_t.

We have 284 other type definitions that include _run_t, of which 274 are _var_run_t. Further grepping found a few other instances of *_pid_t and *_runtime_t.

By far the most common (and most obviously wrong) is *_var_run_t. When using systemd (and also non-systemd on systems like Debian) a tmpfs on /run is used and /var/run is a symlink.

I think we should change this to use a common name. If this idea is generally accepted I'll submit a patch changing all instances of *_var_run_t, *_pid_t, and *_runtime_t to *_run_t with aliases for the old names.

What do you think?

I'd prefer to standardize on *_runtime_t as that doesn't have the implicit baggage of *_run_t (it's more than pid files).
-- Chris PeBenito
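
The rename-with-aliases change discussed in this thread, sketched as an added example (not code from the thread or from the reference policy). The target suffix is a parameter because the thread proposes both *_run_t and *_runtime_t; the function names and the sample declarations are constructed for illustration, using type names quoted in the message.

```python
import re
from collections import Counter

# Suffixes the thread proposes to unify; longest first so a match is unambiguous.
OLD_SUFFIXES = ("_var_run_t", "_runtime_t", "_pid_t")

# Matches "type foo_t;", "type foo_t alias bar_t;" and "type foo_t alias { a_t b_t };".
# Declarations that also list attributes ("type foo_t, attr;") are left untouched.
TYPE_DECL = re.compile(
    r"^([ \t]*)type\s+(\w+)(?:\s+alias\s+(\{[^}]*\}|\w+))?\s*;", re.M)

def split_suffix(name):
    """Return (stem, suffix) if name ends in one of OLD_SUFFIXES, else None."""
    for suf in OLD_SUFFIXES:
        if name.endswith(suf):
            return name[:-len(suf)], suf
    return None

def alias_list(text):
    """Names inside an alias clause, with or without braces."""
    return text.strip("{} \t\n").split() if text else []

def suffix_counts(policy):
    """Count declared types per old suffix (the grep tally from the thread)."""
    hits = (split_suffix(m.group(2)) for m in TYPE_DECL.finditer(policy))
    return Counter(h[1] for h in hits if h)

def rename(policy, target="_runtime_t"):
    """Rewrite declarations to the target suffix, keeping old names as aliases."""
    taken = set()
    for m in TYPE_DECL.finditer(policy):
        taken.update([m.group(2)] + alias_list(m.group(3)))

    def repl(m):
        indent, name, aliases = m.groups()
        parts = split_suffix(name)
        if not parts or parts[1] == target:
            return m.group(0)          # nothing to rename
        new = parts[0] + target
        if new in taken:
            return m.group(0)          # name collision: leave for manual review
        old = [name] + alias_list(aliases)
        clause = old[0] if len(old) == 1 else "{ " + " ".join(old) + " }"
        return f"{indent}type {new} alias {clause};"

    return TYPE_DECL.sub(repl, policy)

# Constructed sample declarations, not copied from the policy tree.
SAMPLE = ("type ntpd_var_run_t;\n"
          "type vmware_host_pid_t alias vmware_var_run_t;\n"
          "type getty_runtime_t alias getty_var_run_t;\n"
          "type sshd_t;\n")
```

Only the declarations are rewritten; rules and file contexts that still use an old name keep resolving through the alias.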