Allow virtd_t to create dnsmasq pid dir

diff --git a/policy/modules/services/dnsmasq.if b/policy/modules/services/dnsmasq.if
index 6534e481b2c0c7b0ffb51fc4559979a6e67492ef..8725dd2a927f34bafc08046b80500de3ea708575 100644 (file)
--- a/policy/modules/services/dnsmasq.if
+++ b/policy/modules/services/dnsmasq.if
@@ -173,6 +173,26 @@ interface(`dnsmasq_read_pid_files',`
        read_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
 ')
 
+########################################
+## <summary>
+##     Create dnsmasq pid dirs
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+#
+interface(`dnsmasq_create_pid_dirs',`
+       gen_require(`
+               type dnsmasq_var_run_t;
+       ')
+
+       files_search_pids($1)
+       create_dirs_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
+')
+
 ########################################
 ## <summary>
 ##     Transition to dnsmasq named content

diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index c1e3aefb39b247570a8312798a2ea48b7a9d6fe1..ae4a925cac35e11657d1267cd12f1887ba4a901d 100644 (file)
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -457,6 +457,7 @@ optional_policy(`
        dnsmasq_kill(virtd_t)
        dnsmasq_read_pid_files(virtd_t)
        dnsmasq_signull(virtd_t)
+       dnsmasq_create_pid_dirs(virtd_t)
        dnsmasq_filetrans_named_content(virtd_t, virt_var_run_t);
 ')