| 1 |
On 01/30/2011 07:39 PM, d hee wrote: |
| 2 |
> The Author was covering writing a SELinux policy. In it he included a PID file. What use does this PID file serve and why is it needed in the SELinux Policy? |
| 3 |
> |
| 4 |
The PID file is not specific to SELinux. Many processes create PID |
| 5 |
files so that other processes can determine if they are still running, |
| 6 |
or so that another instance of this executable can determine if it is |
| 7 |
already running. The PID file is nothing more than a file into which a |
| 8 |
process writes its Process ID (PID) when it starts up. By convention |
| 9 |
the PID file is usually placed in a file located in /var/run, and named |
| 10 |
according to the process which created it (e.g. cron will create |
| 11 |
cron.pid, syslog-ng will create syslog-ng.pid). |
| 12 |
|
| 13 |
From SELinux's perspecive, a PID file is special only because a process |
| 14 |
may need permission to create the file in /var/run (which is a |
| 15 |
restricted directory) and other processes may need permission to read |
| 16 |
the file. For this reason, SELinux has a special pidfile attribute that |
| 17 |
denotes the fact that this file is a PID file, and the files_pidfile |
| 18 |
interface is used to assign this attribute as well as another attribute |
| 19 |
indicating this is a generic non-security file (as opposed to e.g. an |
| 20 |
executable file or a private data file to which access should be |
| 21 |
restricted). |
| 22 |
|
| 23 |
HTH |
| 24 |
|
| 25 |
Later, |
| 26 |
Chris |
Archives