Linux Archive - PID File/SElinux Policy

On 01/30/2011 07:39 PM, d hee wrote:

The Author was covering writing a SELinux policy. In it he included a PID file. What use does this PID file serve and why is it needed in the SELinux Policy?

The PID file is not specific to SELinux. Many processes create PID
files so that other processes can determine if they are still running,
or so that another instance of this executable can determine if it is
already running. The PID file is nothing more than a file into which a
process writes its Process ID (PID) when it starts up. By convention
the PID file is usually placed in a file located in /var/run, and named
according to the process which created it (e.g. cron will create
cron.pid, syslog-ng will create syslog-ng.pid).

From SELinux's perspecive, a PID file is special only because a process
may need permission to create the file in /var/run (which is a
restricted directory) and other processes may need permission to read
the file. For this reason, SELinux has a special pidfile attribute that
denotes the fact that this file is a PID file, and the files_pidfile
interface is used to assign this attribute as well as another attribute
indicating this is a generic non-security file (as opposed to e.g. an
executable file or a private data file to which access should be
restricted).

HTH

Later,
Chris