kernel/files: add interface files_create_generic_tmp_sockets

Signed-off-by: Marc Schiffbauer <[email protected]>
gentoo · Dec 6, 2024 · 9338589 · 9338589
1 parent ec2e775
commit 9338589
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
@@ -7462,6 +7462,24 @@ interface(`files_create_all_runtime_sockets',`
 	allow $1 pidfile:sock_file create_sock_file_perms;
 ')
 
+########################################
+## <summary>
+##     Create tmp_t sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_create_generic_tmp_sockets',`
+        gen_require(`
+                type tmp_t;
+        ')
+
+	allow $1 tmp_t:sock_file create_sock_file_perms;
+')
+
 ########################################
 ## <summary>
 ##     Delete all runtime sockets.