Written by: Martin Orr
Allow lvm to create a directory in /var/lock
Index: policy/modules/system/lvm.te
===================================================================
--- policy/modules/system/lvm.te.orig
+++ policy/modules/system/lvm.te
@@ -167,7 +167,7 @@
 # net_admin for multipath
 allow lvm_t self:capability { dac_override fowner ipc_lock sys_admin sys_nice mknod chown sys_resource sys_rawio net_admin };
 dontaudit lvm_t self:capability sys_tty_config;
-allow lvm_t self:process { sigchld sigkill sigstop signull signal };
+allow lvm_t self:process { setfscreate sigchld sigkill sigstop signull signal };
 # LVM will complain a lot if it cannot set its priority.
 allow lvm_t self:process setsched;
 allow lvm_t self:file rw_file_perms;
@@ -192,7 +192,8 @@
 
 # Creating lock files
 manage_files_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
-files_lock_filetrans(lvm_t, lvm_lock_t, file)
+manage_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
+files_lock_filetrans(lvm_t, lvm_lock_t, { file dir })
 
 manage_dirs_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
 manage_files_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
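Review bot: The `setfscreate` added to the `allow lvm_t self:process` rule has no comment, while the neighbouring rules say why they exist (`# net_admin for multipath`, `# LVM will complain a lot ...`). The permission lets lvm_t pick the label of objects it creates rather than relying only on type transitions, so its effective reach is every type lvm_t is allowed to create. Presumably it is needed because lvm sets the creation context itself before making its lock directory, but the patch description does not say so. I would add a line such as `# setfscreate: lvm sets the file creation context before creating its lock directory` above the rule, adjusted to match the denial that was actually observed.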
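Review bot: The `# Creating lock files` comment above these rules is stale now that `manage_dirs_pattern` and the `{ file dir }` transition also cover a lock directory; I would change it to `# Creating lock files and the lock directory`. The transition only labels objects that lvm_t creates itself, so the module's `.fc` file (not part of this patch) should also carry an entry for the directory and its contents. Without one, a relabel would presumably reset the directory to the generic lock type and the `lvm_lock_t` rules would stop matching. The hunk shows only part of the lock-file section, so further rules on `lvm_lock_t` may exist outside it.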