Introduce new type pdns_var_lib_t

wrabcak · wrabcak · commit 46d44de3590e · 2019-11-28T17:57:14.000+01:00
Allow processes labeled as pdns_t to create new files and directories
labeled as pdns_var_lib_t in directory /var/lib/pdns

Resolves: rhbz#1364611
diff --git a/pdns.fc b/pdns.fc
@@ -4,3 +4,5 @@
 /var/run/pdns\.pid		--	gen_context(system_u:object_r:pdns_var_run_t,s0)
 /var/run/pdns\.controlsocket	-s	gen_context(system_u:object_r:pdns_var_run_t,s0)
 /etc/pdns(/.*)?				gen_context(system_u:object_r:pdns_conf_t,s0)
+
+/var/lib/pdns(/.*)?				gen_context(system_u:object_r:pdns_var_lib_t,s0)
diff --git a/pdns.te b/pdns.te
@@ -23,6 +23,9 @@ systemd_unit_file(pdns_unit_file_t)
 type pdns_conf_t;
 files_config_file(pdns_conf_t)
 
+type pdns_var_lib_t;
+files_type(pdns_var_lib_t)
+
 type pdns_var_run_t;
 files_pid_file(pdns_var_run_t)
 
@@ -47,6 +50,10 @@ corenet_tcp_bind_dns_port(pdns_t)
 corenet_udp_bind_dns_port(pdns_t)
 corenet_tcp_bind_transproxy_port(pdns_t)
 
+manage_dirs_pattern(pdns_t, pdns_var_lib_t, pdns_var_lib_t)
+manage_files_pattern(pdns_t, pdns_var_lib_t, pdns_var_lib_t)
+files_var_lib_filetrans(pdns_t, pdns_var_lib_t, { dir file })
+
 files_pid_filetrans(pdns_t, pdns_var_run_t, { file sock_file })
 manage_files_pattern(pdns_t, pdns_var_run_t, pdns_var_run_t)
 manage_sock_files_pattern(pdns_t, pdns_var_run_t, pdns_var_run_t)
