Allow initrc_t to create pid files for wdmd

diff --git a/policy/modules/services/wdmd.if b/policy/modules/services/wdmd.if
index 51831f91d6d10885af6601262de540f587a4b14d..a554011bb9962725847506b3c7edf26248538fbc 100644 (file)
--- a/policy/modules/services/wdmd.if
+++ b/policy/modules/services/wdmd.if
@@ -72,6 +72,25 @@ interface(`wdmd_admin',`
 
 ')
 
+######################################
+## <summary>
+##     Create, read, write, and delete wdmd PID files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`wdmd_manage_pid_files',`
+       gen_require(`
+               type wdmd_var_run_t;
+       ')
+
+       files_search_pids($1)
+       manage_files_pattern($1, wdmd_var_run_t, wdmd_var_run_t)
+')
+
 ########################################
 ## <summary>
 ##      Connect to wdmd over an unix stream socket.

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 3e121544c86349b9da385563d3521a52dd4252ac..af215c134cd3e9c18b33aabbb738bf9857977967 100644 (file)
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -795,6 +795,10 @@ ifdef(`distro_redhat',`
                sysnet_etc_filetrans_config(initrc_t, "yp.conf")
        ')
 
+       optional_policy(`
+               wdmd_manage_pid_files(initrc_t)
+       ')
+
        optional_policy(`
                xserver_delete_log(initrc_t)
        ')