On 01/30/2011 07:39 PM, d hee wrote:
> The Author was covering writing a SELinux policy. In it he included a PID file. What use does this PID file serve and why is it needed in the SELinux Policy?
>
The PID file is not specific to SELinux. Many processes create PID
files so that other processes can determine if they are still running,
or so that another instance of this executable can determine if it is
already running. The PID file is nothing more than a file into which a
process writes its Process ID (PID) when it starts up. By convention
the PID file is usually placed in a file located in /var/run, and named
according to the process which created it (e.g. cron will create
cron.pid, syslog-ng will create syslog-ng.pid).
|
From SELinux's perspective, a PID file is special only because a process
may need permission to create the file in /var/run (which is a
restricted directory) and other processes may need permission to read
the file. For this reason, SELinux has a special pidfile attribute that
denotes the fact that this file is a PID file, and the files_pidfile
interface is used to assign this attribute as well as another attribute
indicating this is a generic non-security file (as opposed to e.g. an
executable file or a private data file to which access should be
restricted).
|
HTH
|
Later,
Chris
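
An added example, not part of the original message: a reference-policy .te fragment showing how a PID file type is typically declared and used. The module, domain and type names (mydaemon, mydaemon_t, mydaemon_exec_t, mydaemon_var_run_t) are hypothetical, and the interface names files_pid_file and files_pid_filetrans are the spellings assumed from the reference policy of that era.

```selinux
policy_module(mydaemon, 1.0.0)

# Domain and entry-point executable for the hypothetical daemon.
type mydaemon_t;
type mydaemon_exec_t;
init_daemon_domain(mydaemon_t, mydaemon_exec_t)

# Private type for the daemon's PID file. files_pid_file() assigns the
# pidfile attribute and marks the type as an ordinary, non-security file
# type, so generic "read all PID files" rules apply to it.
type mydaemon_var_run_t;
files_pid_file(mydaemon_var_run_t)

# The daemon may create, write and unlink files of its own PID file type.
manage_files_pattern(mydaemon_t, mydaemon_var_run_t, mydaemon_var_run_t)

# Type transition: a file that mydaemon_t creates inside /var/run
# (var_run_t) is labeled mydaemon_var_run_t instead of inheriting var_run_t.
# The interface also grants the directory permissions needed to add the
# entry to /var/run.
files_pid_filetrans(mydaemon_t, mydaemon_var_run_t, file)

# Matching entry for the module's .fc file (hypothetical path), so that
# restorecon applies the same label to an existing PID file:
#   /var/run/mydaemon\.pid  --  gen_context(system_u:object_r:mydaemon_var_run_t,s0)
```

Without the private type and the transition, the PID file would be labeled with the generic /var/run type, and any read access granted to other domains would have to cover everything carrying that label rather than this one file.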