Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.0 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6625DC4360F for ; Mon, 18 Feb 2019 20:00:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2A71F217F5 for ; Mon, 18 Feb 2019 20:00:33 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=tresys.onmicrosoft.com header.i=@tresys.onmicrosoft.com header.b="uSdlzlIn" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727561AbfBRUAc (ORCPT ); Mon, 18 Feb 2019 15:00:32 -0500 Received: from mail-eopbgr700137.outbound.protection.outlook.com ([40.107.70.137]:5280 "EHLO NAM04-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725308AbfBRUAc (ORCPT ); Mon, 18 Feb 2019 15:00:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tresys.onmicrosoft.com; s=selector1-tresys-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oPMkH7yZgPdnAXxlh0oFUwDG2H0XBD/gWM47c+zibNY=; b=uSdlzlInHvH9/x+ppEJh+TSHteLxhVTurNIZwf6OD1xMOJQugNNuUk/0Bb/uQLixR2bacJ7f6C5HOiALEMEeNWcEVw7Zx72NMtdEkaU/mTv505Ke4kukJ7mI40WYJDTtA28JE9Bu/0e/WfOnAqSQQ65SelNDMgsojf7wB3GmhAw= Received: from CY4PR15MB1509.namprd15.prod.outlook.com (10.172.160.141) by CY4PR15MB1574.namprd15.prod.outlook.com (10.172.161.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1622.16; Mon, 18 Feb 2019 20:00:29 +0000 Received: from CY4PR15MB1509.namprd15.prod.outlook.com ([fe80::14f9:b981:d24b:f988]) by CY4PR15MB1509.namprd15.prod.outlook.com ([fe80::14f9:b981:d24b:f988%7]) with mapi id 15.20.1622.020; Mon, 18 Feb 2019 20:00:29 +0000 From: "Sugar, David" To: "selinux-refpolicy@vger.kernel.org" Subject: [PATCH] Add interface to get status of rsyslog service Thread-Topic: [PATCH] Add interface to get status of rsyslog service Thread-Index: AQHUx8SYkyy7Efp8ckeUSLesd5stMw== Date: Mon, 18 Feb 2019 20:00:29 +0000 Message-ID: <20190218200017.4439-1-dsugar@tresys.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [73.180.141.176] x-clientproxiedby: BN6PR2001CA0038.namprd20.prod.outlook.com (2603:10b6:405:16::24) To CY4PR15MB1509.namprd15.prod.outlook.com (2603:10b6:903:fd::13) authentication-results: spf=none (sender IP is ) smtp.mailfrom=dsugar@tresys.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.20.1 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8c590c51-f90d-4a0b-a13e-08d695dbbb25 x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600110)(711020)(4605104)(2017052603328)(7153060)(7193020);SRVR:CY4PR15MB1574; x-ms-traffictypediagnostic: CY4PR15MB1574: x-microsoft-exchange-diagnostics: =?iso-8859-1?Q?1;CY4PR15MB1574;23:1o8z3slg7v1KeSY+yVEsxFx6cO9D+fX/zwj4V0y?= =?iso-8859-1?Q?msA6xGSz4RoVFkXsJvK0PX0q5f2Ni0xX47i1COP1vuwdMwKx7SKsMzIFDH?= =?iso-8859-1?Q?oESeUVtEERkZjbrqAFUYQujmfrRSgSDF3jV0HVLQ8XQH0KjiYNKMMOzrph?= =?iso-8859-1?Q?tPe4iPMh6GFzJg+MGmZqR/0tUQO4liJg6U0u6+32tbhdjL9nsTe2W6rlQV?= =?iso-8859-1?Q?ucFmNHnkaIsE/SuiAhuEAlcP0QgBNI+EsZqesOFc2jk5IZRRLjQV0xfTQJ?= =?iso-8859-1?Q?HEoJ9whwD6SrJprFVewOJE1NdALL0ADlwXUm6jHeQApMd3w9vFs7s4YvQ5?= =?iso-8859-1?Q?yQ56JiVU0ixf5xJ5WUfLFJleO08YClipGlDtIya8LMjxNvH0IEdu3fAq32?= =?iso-8859-1?Q?qNuJnZINy5cKmKnu+vW37eQGWQ1VyMiL2prdZNT+NB8IlQTyKO9RcRoOM9?= =?iso-8859-1?Q?YEMw+oyOdDGt0/zFYu6eItqloloa9JiItXT/rSsXNGQiWvhLhzHntM2Dsx?= =?iso-8859-1?Q?or7Ihcv3gTF/IzVAvlNZ1kCwsTfGZyqdGN1kfreioFATd/m/tN3Ze3V3nM?= =?iso-8859-1?Q?7y+KwKHUQKYGeWaYifxTcvA8caxMyYZeiVTWZRa9yBKpvGA4W0YMImtFd4?= =?iso-8859-1?Q?ChCggDK8qUPhavwk6w7mh2xKf7cOx/+qtJSwxdT4D86UyOjKjJlFAcjT3A?= =?iso-8859-1?Q?osqK4AheDjrZiNastvcFDJfTAlA2iBVwBdoRaJYo44bjBi6qB1W3YuAY6z?= =?iso-8859-1?Q?WeFnYOR3JNcbZebm2bwdiql3J92tPAw635/AvuSLoqEa8S+CxKTrUJP2CZ?= =?iso-8859-1?Q?1uallAaJ5NzgQy/JGliWPfmg/GmRJ8DdLbZW0G/lMZD48TM8irTPt34D+4?= =?iso-8859-1?Q?A6XDF8mbbuguSXLzQr7nRBZQA95/GcWJqlmdYGpk5pVmvos2VGNwDmTrAL?= =?iso-8859-1?Q?2hrj36ltvRfGZtnVUg+ABstckvWcvgVBa7aMFhb/OkNKzkgjzHk99jElGv?= =?iso-8859-1?Q?7ahJJRSmbN7nHP0yqK9ksjnalBlybr7zZkxZJtC6U9CxgecqoGmAuQXNWk?= =?iso-8859-1?Q?3OtDgS+lnNmNNjDXCjsurhYXIa9ugkE6MzXZeQN7xhz3vbY+F99vlHTkOJ?= =?iso-8859-1?Q?qt1tHKeRjf0ysnYkI7Yf1MI+NucXXxuR8uRMcTjFg8nKaztqePgc1hagHg?= =?iso-8859-1?Q?LXQfWoWkWx/5rw1ieTMyz3zSkyEdHQdQmBJHF3ZMDh04hSQPrJ7KIgcwOE?= =?iso-8859-1?Q?ZfP18zgM3R/kuKkyR?= x-microsoft-antispam-prvs: x-forefront-prvs: 09525C61DB x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(346002)(376002)(136003)(396003)(366004)(39830400003)(189003)(199004)(1076003)(5660300002)(81166006)(6506007)(8676002)(25786009)(6916009)(386003)(8936002)(81156014)(52116002)(14444005)(256004)(316002)(97736004)(53936002)(102836004)(5640700003)(26005)(68736007)(6436002)(486006)(2351001)(2616005)(2906002)(508600001)(476003)(305945005)(3846002)(6116002)(7736002)(50226002)(106356001)(99286004)(86362001)(6512007)(71190400001)(36756003)(66066001)(4744005)(105586002)(71200400001)(14454004)(6486002)(186003)(2501003);DIR:OUT;SFP:1102;SCL:1;SRVR:CY4PR15MB1574;H:CY4PR15MB1509.namprd15.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: tresys.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Xg8N5/ibre7U7e5oBz/hL/3MJmApcSgQkR+Ax/2QXUFfk/OkDC6kDIAEQtEROwB0vY4vC/YwtYfqeOwM8fPltvrxJtnzGi3DW6D/UH+EPzdYUcIgsmd46FfNKihxpSymAEvnFieQ7QnYTEhMs7RGAtTSMbgpsJbOBfoi2N16ZYC/Q/0v3KLC6vrc9pT/jVFdiDv6GdR2a/AjdQ8yQgoRXc/d9aVsgkKY/A6f/US1kqV7kZTFwV05yjOFHCXUUr7pEX1h/pezasSSRHJFDDzzXiKjmcBm9hWMnJ9VztBqf+swmwY34gB9KZQGPnwjpgvt7JAnpo+MucujipGytW7vj3cLm0PO7THhv0Hw4SgfDbVuxdNxxVGtjuYTXZ3wN0dnaYpFCxG89Dw6kmgWMgBATRno8eZ05eAlXPiw3onV6Dg= Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: tresys.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8c590c51-f90d-4a0b-a13e-08d695dbbb25 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Feb 2019 20:00:28.7634 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-id: a0d45667-6c07-4e88-868f-4ac9af95c7ed X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR15MB1574 Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org Signed-off-by: Dave Sugar --- policy/modules/system/logging.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/system/logging.if b/policy/modules/system/loggi= ng.if index 16091eb6..21ec6501 100644 --- a/policy/modules/system/logging.if +++ b/policy/modules/system/logging.if @@ -1222,6 +1222,25 @@ interface(`logging_admin_audit',` dontaudit $1 auditd_log_t:file map; ') =20 +######################################## +## +## Allow specified domain to check status of syslog unit +## +## +## +## Domain allowed access. +## +## +# +interface(`logging_status_syslog',` + gen_require(` + type syslogd_unit_t; + class service status; + ') + + allow $1 syslogd_unit_t:service status; +') + ######################################## ## ## All of the rules required to administrate --=20 2.20.1