On 03/02/2017 09:13 AM, Simon Sekidde wrote:
I assume this would be a pid file?
You assume correctly.
If so then what you are probably looking for is a filename_trans rule and will require a new interface in squid.if for this. Try something like

    interface(`squid_filetrans_named_content',`
        gen_require(`
            type squid_var_run_t;
        ')

        files_pid_filetrans($1, squid_var_run_t, dir, "squozy")
    ')
Not sure where squid came from. The service is one of my own making called "squoxy" (short for "Squeezebox proxy"). Its purpose is to forward Squeezebox discovery broadcast packets from one network to another.

So I assume that I would need to add something like this to my policy module:

    files_pid_filetrans(var_run_t, squoxy_var_run_t, dir, "squoxy")

(I'm guessing at what to put in for $1.)
>> Hmm, so the relevant code in systemd actually labels the dir after creating it after an selinux database lookup, so from our side all should be good:
>>
>> https://github.com/systemd/systemd/blob/master/src/core/execute.c#L1857
>>
>> (specifically, we call mkdir_p_label() instead of plain mkdir_p() there)

And this is working now, presumably after a reboot? I do so love non-deterministic computers. :-/

-- 
========================================================================
Ian Pilcher                                         arequipeno@xxxxxxxxx
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================