From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 1/1] Allow system logger to write to cron log files
Date: Wed, 31 Oct 2012 10:30:17 -0400
Message-ID: <509135F9.4040202@tresys.com>
In-Reply-To: <20121029191656.GA14388@siphos.be>

On 10/29/12 15:16, Sven Vermeulen wrote:
> The system logger is responsible for writing log events in various log files.
> Some of these log files are not labeled as var_log_t, but have their domains'
> specific logging type set. One of these is cron_log_t.
> 
> Allow syslogd_t to write to the cron log files, and introduce a file transition
> when the file is just created.

While we already have syslogd doing this for inn logs, your patch makes me question this.  Do we really want this?  It seems that we would want all of the syslog logs to be var_log_t.  If a service does logging itself, it would need a private log type, but if it's logging to syslog, the logs should probably still come out var_log_t.

> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/system/logging.te |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> index 696e0c8..b16ddac 100644
> --- a/policy/modules/system/logging.te
> +++ b/policy/modules/system/logging.te
> @@ -490,6 +490,13 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	cron_create_log_files(syslogd_t)
> +	cron_generic_log_filetrans_log(syslogd_t, file, "cron.log")
> +	cron_setattr_log_files(syslogd_t)
> +	cron_write_log_files(syslogd_t)
> +')
> +
> +optional_policy(`
>  	inn_manage_log(syslogd_t)
>  ')
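Review bot: The file name "cron.log" in the cron_generic_log_filetrans_log(syslogd_t, file, "cron.log") line is hard-coded, so the transition only applies when syslogd creates a file with exactly that name; a syslog configuration that sends cron messages to any other file name would get no transition from this rule. A comment in the new optional_policy block stating which syslog configuration this is meant to cover would help. The block also grants create, setattr and write on the cron log type as three separate calls with no explanation of why each is needed, setattr in particular; the commit message only mentions writing and the transition on creation. Finally, the diffstat shows only logging.te is changed, so all four cron_* interfaces have to exist in the cron module already; if any of them is new, it belongs in this patch.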

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
