Rename *_var_run_t types to *_runtime_t.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>

policy/modules/admin/bacula.fc

@@ -16,6 +16,6 @@
 
 /var/log/bacula.*	gen_context(system_u:object_r:bacula_log_t,s0)
 
-/run/bacula.*	--	gen_context(system_u:object_r:bacula_var_run_t,s0)
+/run/bacula.*	--	gen_context(system_u:object_r:bacula_runtime_t,s0)
 
 /var/spool/bacula.*	gen_context(system_u:object_r:bacula_spool_t,s0)

policy/modules/admin/bacula.if

@@ -68,7 +68,7 @@ interface(`bacula_admin',`
 	gen_require(`
 		type bacula_t, bacula_etc_t, bacula_log_t;
 		type bacula_spool_t, bacula_var_lib_t;
-		type bacula_var_run_t, bacula_initrc_exec_t;
+		type bacula_runtime_t, bacula_initrc_exec_t;
 	')
 
 	allow $1 bacula_t:process { ptrace signal_perms };
@@ -89,5 +89,5 @@ interface(`bacula_admin',`
 	admin_pattern($1, bacula_var_lib_t)
 
 	files_search_pids($1)
-	admin_pattern($1, bacula_var_run_t)
+	admin_pattern($1, bacula_runtime_t)
 ')

policy/modules/admin/bacula.te

@@ -30,8 +30,8 @@ files_mountpoint(bacula_store_t)
 type bacula_var_lib_t;
 files_type(bacula_var_lib_t)
 
-type bacula_var_run_t;
-files_pid_file(bacula_var_run_t)
+type bacula_runtime_t alias bacula_var_run_t;
+files_pid_file(bacula_runtime_t)
 
 type bacula_admin_t;
 type bacula_admin_exec_t;
@@ -65,8 +65,8 @@ manage_dirs_pattern(bacula_t, bacula_var_lib_t, bacula_var_lib_t)
 manage_files_pattern(bacula_t, bacula_var_lib_t, bacula_var_lib_t)
 files_var_lib_filetrans(bacula_t, bacula_var_lib_t, dir)
 
-allow bacula_t bacula_var_run_t:file manage_file_perms;
-files_pid_filetrans(bacula_t, bacula_var_run_t, file)
+allow bacula_t bacula_runtime_t:file manage_file_perms;
+files_pid_filetrans(bacula_t, bacula_runtime_t, file)
 
 kernel_read_kernel_sysctls(bacula_t)
 kernel_read_system_state(bacula_t)

policy/modules/admin/bcfg2.fc

@@ -6,4 +6,4 @@
 
 /var/lib/bcfg2(/.*)?	gen_context(system_u:object_r:bcfg2_var_lib_t,s0)
 
-/run/bcfg2-server\.pid	--	gen_context(system_u:object_r:bcfg2_var_run_t,s0)
+/run/bcfg2-server\.pid	--	gen_context(system_u:object_r:bcfg2_runtime_t,s0)

policy/modules/admin/bcfg2.if

@@ -135,7 +135,7 @@ interface(`bcfg2_manage_lib_dirs',`
 interface(`bcfg2_admin',`
 	gen_require(`
 		type bcfg2_t, bcfg2_initrc_exec_t, bcfg2_var_lib_t;
-		type bcfg2_var_run_t;
+		type bcfg2_runtime_t;
 	')
 
 	allow $1 bcfg2_t:process { ptrace signal_perms };
@@ -144,7 +144,7 @@ interface(`bcfg2_admin',`
 	init_startstop_service($1, $2, bcfg2_t, bcfg2_initrc_exec_t)
 
 	files_search_pids($1)
-	admin_pattern($1, bcfg2_var_run_t)
+	admin_pattern($1, bcfg2_runtime_t)
 
 	files_search_var_lib($1)
 	admin_pattern($1, bcfg2_var_lib_t)

policy/modules/admin/bcfg2.te

@@ -15,8 +15,8 @@ init_script_file(bcfg2_initrc_exec_t)
 type bcfg2_var_lib_t;
 files_type(bcfg2_var_lib_t)
 
-type bcfg2_var_run_t;
-files_pid_file(bcfg2_var_run_t)
+type bcfg2_runtime_t alias bcfg2_var_run_t;
+files_pid_file(bcfg2_runtime_t)
 
 ########################################
 #
@@ -31,8 +31,8 @@ manage_dirs_pattern(bcfg2_t, bcfg2_var_lib_t, bcfg2_var_lib_t)
 manage_files_pattern(bcfg2_t, bcfg2_var_lib_t, bcfg2_var_lib_t)
 files_var_lib_filetrans(bcfg2_t, bcfg2_var_lib_t, dir)
 
-manage_files_pattern(bcfg2_t, bcfg2_var_run_t, bcfg2_var_run_t)
-files_pid_filetrans(bcfg2_t, bcfg2_var_run_t, file)
+manage_files_pattern(bcfg2_t, bcfg2_runtime_t, bcfg2_runtime_t)
+files_pid_filetrans(bcfg2_t, bcfg2_runtime_t, file)
 
 kernel_read_system_state(bcfg2_t)
 

policy/modules/admin/blueman.te

@@ -12,8 +12,8 @@ dbus_system_domain(blueman_t, blueman_exec_t)
 type blueman_var_lib_t;
 files_type(blueman_var_lib_t)
 
-type blueman_var_run_t;
-files_pid_file(blueman_var_run_t)
+type blueman_runtime_t alias blueman_var_run_t;
+files_pid_file(blueman_runtime_t)
 
 ########################################
 #
@@ -28,9 +28,9 @@ manage_dirs_pattern(blueman_t, blueman_var_lib_t, blueman_var_lib_t)
 manage_files_pattern(blueman_t, blueman_var_lib_t, blueman_var_lib_t)
 files_var_lib_filetrans(blueman_t, blueman_var_lib_t, dir)
 
-manage_dirs_pattern(blueman_t, blueman_var_run_t, blueman_var_run_t)
-manage_files_pattern(blueman_t, blueman_var_run_t, blueman_var_run_t)
-files_pid_filetrans(blueman_t, blueman_var_run_t, { dir file })
+manage_dirs_pattern(blueman_t, blueman_runtime_t, blueman_runtime_t)
+manage_files_pattern(blueman_t, blueman_runtime_t, blueman_runtime_t)
+files_pid_filetrans(blueman_t, blueman_runtime_t, { dir file })
 
 kernel_read_net_sysctls(blueman_t)
 kernel_read_system_state(blueman_t)

policy/modules/admin/hwloc.fc

@@ -4,4 +4,4 @@
 
 /usr/sbin/hwloc-dump-hwdata	--	gen_context(system_u:object_r:hwloc_dhwd_exec_t,s0)
 
-/run/hwloc(/.*)?	gen_context(system_u:object_r:hwloc_var_run_t,s0)
+/run/hwloc(/.*)?	gen_context(system_u:object_r:hwloc_runtime_t,s0)

policy/modules/admin/hwloc.if

@@ -74,11 +74,11 @@ interface(`hwloc_exec_dhwd',`
 #
 interface(`hwloc_read_runtime_files',`
 	gen_require(`
-		type hwloc_var_run_t;
+		type hwloc_runtime_t;
 	')
 
 	files_search_pids($1)
-	read_files_pattern($1, hwloc_var_run_t, hwloc_var_run_t)
+	read_files_pattern($1, hwloc_runtime_t, hwloc_runtime_t)
 ')
 
 ########################################
@@ -95,12 +95,12 @@ interface(`hwloc_read_runtime_files',`
 #
 interface(`hwloc_admin',`
 	gen_require(`
-		type hwloc_dhwd_t, hwloc_var_run_t;
+		type hwloc_dhwd_t, hwloc_runtime_t;
 	')
 
 	allow $1 hwloc_dhwd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, hwloc_dhwd_t)
 
-	admin_pattern($1, hwloc_var_run_t)
-	files_pid_filetrans($1, hwloc_var_run_t, dir, "hwloc")
+	admin_pattern($1, hwloc_runtime_t)
+	files_pid_filetrans($1, hwloc_runtime_t, dir, "hwloc")
 ')

policy/modules/admin/hwloc.te

@@ -13,8 +13,8 @@ type hwloc_dhwd_exec_t;
 init_system_domain(hwloc_dhwd_t, hwloc_dhwd_exec_t)
 role hwloc_dhwd_roles types hwloc_dhwd_t;
 
-type hwloc_var_run_t;
-files_pid_file(hwloc_var_run_t)
+type hwloc_runtime_t alias hwloc_var_run_t;
+files_pid_file(hwloc_runtime_t)
 
 type hwloc_dhwd_unit_t;
 init_unit_file(hwloc_dhwd_unit_t)
@@ -24,8 +24,8 @@ init_unit_file(hwloc_dhwd_unit_t)
 # Local policy
 #
 
-allow hwloc_dhwd_t hwloc_var_run_t:dir manage_dir_perms;
-allow hwloc_dhwd_t hwloc_var_run_t:file manage_file_perms;
-files_pid_filetrans(hwloc_dhwd_t, hwloc_var_run_t, dir)
+allow hwloc_dhwd_t hwloc_runtime_t:dir manage_dir_perms;
+allow hwloc_dhwd_t hwloc_runtime_t:file manage_file_perms;
+files_pid_filetrans(hwloc_dhwd_t, hwloc_runtime_t, dir)
 
 dev_read_sysfs(hwloc_dhwd_t)

policy/modules/admin/kismet.fc

@@ -10,4 +10,4 @@ HOME_DIR/\.kismet(/.*)?	gen_context(system_u:object_r:kismet_home_t,s0)
 
 /var/log/kismet(/.*)?	gen_context(system_u:object_r:kismet_log_t,s0)
 
-/run/kismet_server\.pid	--	gen_context(system_u:object_r:kismet_var_run_t,s0)
+/run/kismet_server\.pid	--	gen_context(system_u:object_r:kismet_runtime_t,s0)

policy/modules/admin/kismet.if

@@ -94,11 +94,11 @@ interface(`kismet_run',`
 #
 interface(`kismet_read_pid_files',`
 	gen_require(`
-		type kismet_var_run_t;
+		type kismet_runtime_t;
 	')
 
 	files_search_pids($1)
-	allow $1 kismet_var_run_t:file read_file_perms;
+	allow $1 kismet_runtime_t:file read_file_perms;
 ')
 
 ########################################
@@ -114,11 +114,11 @@ interface(`kismet_read_pid_files',`
 #
 interface(`kismet_manage_pid_files',`
 	gen_require(`
-		type kismet_var_run_t;
+		type kismet_runtime_t;
 	')
 
 	files_search_pids($1)
-	allow $1 kismet_var_run_t:file manage_file_perms;
+	allow $1 kismet_runtime_t:file manage_file_perms;
 ')
 
 ########################################
@@ -282,7 +282,7 @@ interface(`kismet_manage_log',`
 #
 interface(`kismet_admin',`
 	gen_require(`
-		type kismet_t, kismet_var_lib_t, kismet_var_run_t;
+		type kismet_t, kismet_var_lib_t, kismet_runtime_t;
 		type kismet_log_t, kismet_tmp_t, kismet_initrc_exec_t;
 	')
 
@@ -295,7 +295,7 @@ interface(`kismet_admin',`
 	admin_pattern($1, kismet_var_lib_t)
 
 	files_search_pids($1)
-	admin_pattern($1, kismet_var_run_t)
+	admin_pattern($1, kismet_runtime_t)
 
 	logging_search_logs($1)
 	admin_pattern($1, kismet_log_t)

policy/modules/admin/kismet.te

@@ -30,8 +30,8 @@ files_tmp_file(kismet_tmpfs_t)
 type kismet_var_lib_t;
 files_type(kismet_var_lib_t)
 
-type kismet_var_run_t;
-files_pid_file(kismet_var_run_t)
+type kismet_runtime_t alias kismet_var_run_t;
+files_pid_file(kismet_runtime_t)
 
 ########################################
 #
@@ -70,8 +70,8 @@ allow kismet_t kismet_var_lib_t:file manage_file_perms;
 allow kismet_t kismet_var_lib_t:dir manage_dir_perms;
 files_var_lib_filetrans(kismet_t, kismet_var_lib_t, { file dir })
 
-allow kismet_t kismet_var_run_t:dir manage_dir_perms;
-files_pid_filetrans(kismet_t, kismet_var_run_t, file)
+allow kismet_t kismet_runtime_t:dir manage_dir_perms;
+files_pid_filetrans(kismet_t, kismet_runtime_t, file)
 
 can_exec(kismet_t, kismet_exec_t)
 

policy/modules/admin/kudzu.fc

@@ -6,4 +6,4 @@
 /usr/sbin/kmodule	--	gen_context(system_u:object_r:kudzu_exec_t,s0)
 /usr/sbin/kudzu		--	gen_context(system_u:object_r:kudzu_exec_t,s0)
 
-/run/kudzu(/.*)?	gen_context(system_u:object_r:kudzu_var_run_t,s0)
+/run/kudzu(/.*)?	gen_context(system_u:object_r:kudzu_runtime_t,s0)

policy/modules/admin/kudzu.if

@@ -82,7 +82,7 @@ interface(`kudzu_getattr_exec_files',`
 #
 interface(`kudzu_admin',`
 	gen_require(`
-		type kudzu_t, kudzu_initrc_exec_t, kudzu_var_run_t;
+		type kudzu_t, kudzu_initrc_exec_t, kudzu_runtime_t;
 		type kudzu_tmp_t;
 	')
 
@@ -95,5 +95,5 @@ interface(`kudzu_admin',`
 	admin_pattern($1, kudzu_tmp_t)
 
 	files_search_pids($1)
-	admin_pattern($1, kudzu_var_run_t)
+	admin_pattern($1, kudzu_runtime_t)
 ')

policy/modules/admin/kudzu.te

@@ -18,8 +18,8 @@ init_script_file(kudzu_initrc_exec_t)
 type kudzu_tmp_t;
 files_tmp_file(kudzu_tmp_t)
 
-type kudzu_var_run_t;
-files_pid_file(kudzu_var_run_t)
+type kudzu_runtime_t alias kudzu_var_run_t;
+files_pid_file(kudzu_runtime_t)
 
 ########################################
 #
@@ -38,9 +38,9 @@ manage_files_pattern(kudzu_t, kudzu_tmp_t, kudzu_tmp_t)
 manage_chr_files_pattern(kudzu_t, kudzu_tmp_t, kudzu_tmp_t)
 files_tmp_filetrans(kudzu_t, kudzu_tmp_t, { file dir chr_file })
 
-manage_dirs_pattern(kudzu_t, kudzu_var_run_t, kudzu_var_run_t)
-manage_files_pattern(kudzu_t, kudzu_var_run_t, kudzu_var_run_t)
-files_pid_filetrans(kudzu_t, kudzu_var_run_t, file)
+manage_dirs_pattern(kudzu_t, kudzu_runtime_t, kudzu_runtime_t)
+manage_files_pattern(kudzu_t, kudzu_runtime_t, kudzu_runtime_t)
+files_pid_filetrans(kudzu_t, kudzu_runtime_t, file)
 
 kernel_change_ring_buffer_level(kudzu_t)
 kernel_read_device_sysctls(kudzu_t)

policy/modules/admin/logwatch.fc

@@ -15,4 +15,4 @@
 
 /var/lock/logcheck.*	gen_context(system_u:object_r:logwatch_lock_t,s0)
 
-/run/epylog\.pid	--	gen_context(system_u:object_r:logwatch_var_run_t,s0)
+/run/epylog\.pid	--	gen_context(system_u:object_r:logwatch_runtime_t,s0)

policy/modules/admin/logwatch.te

@@ -26,8 +26,8 @@ files_lock_file(logwatch_lock_t)
 type logwatch_tmp_t;
 files_tmp_file(logwatch_tmp_t)
 
-type logwatch_var_run_t;
-files_pid_file(logwatch_var_run_t)
+type logwatch_runtime_t alias logwatch_var_run_t;
+files_pid_file(logwatch_runtime_t)
 
 mta_base_mail_template(logwatch)
 role system_r types logwatch_mail_t;
@@ -52,8 +52,8 @@ manage_dirs_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
 manage_files_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
 files_tmp_filetrans(logwatch_t, logwatch_tmp_t, { file dir })
 
-allow logwatch_t logwatch_var_run_t:file manage_file_perms;
-files_pid_filetrans(logwatch_t, logwatch_var_run_t, file)
+allow logwatch_t logwatch_runtime_t:file manage_file_perms;
+files_pid_filetrans(logwatch_t, logwatch_runtime_t, file)
 
 kernel_read_fs_sysctls(logwatch_t)
 kernel_read_kernel_sysctls(logwatch_t)

policy/modules/admin/mcelog.fc

@@ -8,4 +8,4 @@
 
 /var/log/mcelog.*	--	gen_context(system_u:object_r:mcelog_log_t,s0)
 
-/run/mcelog.*	gen_context(system_u:object_r:mcelog_var_run_t,s0)
+/run/mcelog.*	gen_context(system_u:object_r:mcelog_runtime_t,s0)

policy/modules/admin/mcelog.if

@@ -39,7 +39,7 @@ interface(`mcelog_domtrans',`
 interface(`mcelog_admin',`
 	gen_require(`
 		type mcelog_t, mcelog_initrc_exec_t, mcelog_log_t;
-		type mcelog_var_run_t, mcelog_etc_t;
+		type mcelog_runtime_t, mcelog_etc_t;
 	')
 
 	allow $1 mcelog_t:process { ptrace signal_perms };
@@ -54,5 +54,5 @@ interface(`mcelog_admin',`
 	admin_pattern($1, mcelog_log_t)
 
 	files_search_pids($1)
-	admin_pattern($1, mcelog_var_run_t)
+	admin_pattern($1, mcelog_runtime_t)
 ')

policy/modules/admin/mcelog.te

@@ -57,8 +57,8 @@ files_config_file(mcelog_etc_t)
 type mcelog_log_t;
 logging_log_file(mcelog_log_t)
 
-type mcelog_var_run_t;
-files_pid_file(mcelog_var_run_t)
+type mcelog_runtime_t alias mcelog_var_run_t;
+files_pid_file(mcelog_runtime_t)
 
 ########################################
 #
@@ -77,10 +77,10 @@ create_files_pattern(mcelog_t, mcelog_log_t, mcelog_log_t)
 setattr_files_pattern(mcelog_t, mcelog_log_t, mcelog_log_t)
 logging_log_filetrans(mcelog_t, mcelog_log_t, { dir file })
 
-manage_dirs_pattern(mcelog_t, mcelog_var_run_t, mcelog_var_run_t)
-manage_files_pattern(mcelog_t, mcelog_var_run_t, mcelog_var_run_t)
-manage_sock_files_pattern(mcelog_t, mcelog_var_run_t, mcelog_var_run_t)
-files_pid_filetrans(mcelog_t, mcelog_var_run_t, { dir file sock_file })
+manage_dirs_pattern(mcelog_t, mcelog_runtime_t, mcelog_runtime_t)
+manage_files_pattern(mcelog_t, mcelog_runtime_t, mcelog_runtime_t)
+manage_sock_files_pattern(mcelog_t, mcelog_runtime_t, mcelog_runtime_t)
+files_pid_filetrans(mcelog_t, mcelog_runtime_t, { dir file sock_file })
 
 kernel_read_system_state(mcelog_t)
 

policy/modules/admin/mrtg.fc

@@ -13,4 +13,4 @@
 
 /var/log/mrtg.*	gen_context(system_u:object_r:mrtg_log_t,s0)
 
-/run/mrtg\.pid	--	gen_context(system_u:object_r:mrtg_var_run_t,s0)
+/run/mrtg\.pid	--	gen_context(system_u:object_r:mrtg_runtime_t,s0)

policy/modules/admin/mrtg.if

@@ -57,7 +57,7 @@ interface(`mrtg_append_create_logs',`
 #
 interface(`mrtg_admin',`
 	gen_require(`
-		type mrtg_t, mrtg_var_run_t, mrtg_initrc_exec_t;
+		type mrtg_t, mrtg_runtime_t, mrtg_initrc_exec_t;
 		type mrtg_var_lib_t, mrtg_lock_t, mrtg_log_t;
 		type mrtg_etc_t;
 	')
@@ -77,7 +77,7 @@ interface(`mrtg_admin',`
 	admin_pattern($1, mrtg_log_t)
 
 	files_search_pids($1)
-	admin_pattern($1, mrtg_var_run_t)
+	admin_pattern($1, mrtg_runtime_t)
 
 	files_search_var_lib($1)
 	admin_pattern($1, mrtg_var_lib_t)