From mboxrd@z Thu Jan  1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 29 Aug 2012 10:49:29 -0400
Subject: [refpolicy] [PATCH]: add lost+found filesystem labels to
 support NSA security guidelines
In-Reply-To: <50395AF6.8090506@trentalancia.com>
References: <50395AF6.8090506@trentalancia.com>
Message-ID: <503E2BF9.9000709@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/25/12 19:08, Guido Trentalancia wrote:
> Add lost+found filesystem label to /var/log and /var/log/audit.
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
>   policy/modules/kernel/files.fc |    6 ++++++
>   1 file changed, 6 insertions(+)
> 
> --- refpolicy-25082012/policy/modules/kernel/files.fc	2012-08-25 
> 17:52:10.037296340 +0200
> +++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc 
> 2012-08-26 00:38:29.364804301 +0200
> @@ -243,6 +243,12 @@ ifndef(`distro_redhat',`
> 
>   /var/lock(/.*)?			gen_context(system_u:object_r:var_lock_t,s0)
> 
> +/var/log/lost\+found	-d 
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> +/var/log/lost\+found/.*		<<none>>
> +
> +/var/log/audit/lost\+found	-d 
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> +/var/log/audit/lost\+found/.*		<<none>>
> +
>   /var/lost\+found	-d 
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>   /var/lost\+found/.*		<<none>>

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com