Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.0 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BCFA7C43381 for ; Wed, 20 Feb 2019 16:37:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8CCF22147C for ; Wed, 20 Feb 2019 16:37:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=tresys.onmicrosoft.com header.i=@tresys.onmicrosoft.com header.b="ayxCgOEL" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726428AbfBTQhv (ORCPT ); Wed, 20 Feb 2019 11:37:51 -0500 Received: from mail-eopbgr800108.outbound.protection.outlook.com ([40.107.80.108]:4064 "EHLO NAM03-DM3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725798AbfBTQhv (ORCPT ); Wed, 20 Feb 2019 11:37:51 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tresys.onmicrosoft.com; s=selector1-tresys-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kXhZU+LuXv1QPATGnWYH0o0npI+qbsdIv1xV8phi0AQ=; b=ayxCgOELNOsi8+7pclu1gcjZcrHL+Zha9spSH8gWUgApFdeSB0mFiNO/S29KnPOhSKi4363pHJxp/bCxipW1PjqEmYnmwgdWfTsy3mvMRLXJyo8mFbfjaHFwQLEYn9XXOcN9gSb2t5CuF/5M7/w7HoyAZCS+fXeF+5ld91ygja0= Received: from BN6PR15MB1507.namprd15.prod.outlook.com (10.172.151.147) by BN6PR15MB1746.namprd15.prod.outlook.com (10.174.114.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.15; Wed, 20 Feb 2019 16:37:46 +0000 Received: from BN6PR15MB1507.namprd15.prod.outlook.com ([fe80::f1c7:33d:34ac:bdce]) by BN6PR15MB1507.namprd15.prod.outlook.com ([fe80::f1c7:33d:34ac:bdce%3]) with mapi id 15.20.1622.020; Wed, 20 Feb 2019 16:37:46 +0000 From: "Sugar, David" To: "selinux-refpolicy@vger.kernel.org" Subject: [PATCH v2] Add interface to get status of rsyslog service Thread-Topic: [PATCH v2] Add interface to get status of rsyslog service Thread-Index: AQHUyTqb82h9PmlwOUGx7qFfq/2MdA== Date: Wed, 20 Feb 2019 16:37:46 +0000 Message-ID: <20190220163709.27002-1-dsugar@tresys.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [73.180.141.176] x-clientproxiedby: BN6PR18CA0021.namprd18.prod.outlook.com (2603:10b6:404:121::31) To BN6PR15MB1507.namprd15.prod.outlook.com (2603:10b6:404:c6::19) authentication-results: spf=none (sender IP is ) smtp.mailfrom=dsugar@tresys.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.20.1 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 892e7f1e-21df-464d-deb0-08d69751be13 x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(5600110)(711020)(4605104)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(2017052603328)(7153060)(7193020);SRVR:BN6PR15MB1746; x-ms-traffictypediagnostic: BN6PR15MB1746: x-microsoft-exchange-diagnostics: =?iso-8859-1?Q?1;BN6PR15MB1746;23:o6zSB5SIMu7pKz99pGha6OkQbm0oJOIC5svZP/z?= =?iso-8859-1?Q?WTiogfX/ocVTxh+HReDV1VXhs96yh/haunDgL5se4DFQkhYatZNzelVIbg?= =?iso-8859-1?Q?U5j5tQH+DOh+apai4eNTRZfEmHx/PUbeDCmYkuuHpvN1evwtwoldTbs1xf?= =?iso-8859-1?Q?aCsf+q54I7z2YFBwAylPad85YpTh4oOdQeUBgbRDRA7+1mDoTKXvgbPXJJ?= =?iso-8859-1?Q?YhXomWBQmWfTzFqwqqXBsEFzIBQ6MCozLKGbCYw2M04/t0YMtALVbq3uwA?= =?iso-8859-1?Q?ztKrnHyRCvvqsoUFgC1tcQ25wRWyWRJbYj/S+6yjIOHBDxooVRmw1T7tHI?= =?iso-8859-1?Q?8tYoolOF4RW9dmxN3rYV0UPoVoQd+YUAI/d25hGtsy9LjlPrlCd/fKTL4F?= =?iso-8859-1?Q?r/H9llcC0iTpv8r8YPSYQXwwdf6c8hxxeBAjtCHA7ItsxVse83Kfv5WHzm?= =?iso-8859-1?Q?FybtogrbkxZ2Cqltsv0e5ynKjVtdeaU5jGMpmzm2ekzUZb8mwG/8WRt2uB?= =?iso-8859-1?Q?6E0ak1wb9pL0LH+Fcj4F9R1qvxhWTSSWKzHyLphH5lqSfHtRKQBHgPBppB?= =?iso-8859-1?Q?9AI6v78leramkonotflTmE18VqobyK1v1fzaxf9R4zeazyp0cCBDvnd2Qr?= =?iso-8859-1?Q?6goS2+GU0v2Y/GOKWNMIEVbL1Uws4zxiTq7zHh2LwOv4Jv4Vt4ZQn6oLca?= =?iso-8859-1?Q?x9r+nAqjnVo3BPDAs17+qRlvuBvEWU4tiFJm60Br4E+yFY2kkY3nf8GiIb?= =?iso-8859-1?Q?GTlasWWNUE810pHKd3bBtk+AApVdM/Ph349jsQDlaIrJSQgr95/hHPSj7+?= =?iso-8859-1?Q?k+uR4IqipdcxkzvaRZhWH1qLRPKL3q388KaW5ncNUH/TDB7WZuHVkhOO2k?= =?iso-8859-1?Q?5UWT1U7Hc1cWs1TnVZKWjxUJwyW9qqWjd7cLr425jgZQxkRhdQj8EFDf4a?= =?iso-8859-1?Q?/XKk8K/UySAoGOEb3QYMBaR0+woVtjs8VBFZtxsUkzjzWDVPkrsf1uIkXL?= =?iso-8859-1?Q?dwk1afN8jFzGBD+LDRHVV1wMYPweJdO8DRtjQh9+HgT/IN8W4gMVZoQ1TP?= =?iso-8859-1?Q?0lvrOMfUayYA1GgdMWVLg+q9fba2TvWH3GiYYESb1BrtFJ8g0sYQlay4rP?= =?iso-8859-1?Q?bzQnpRbK0HVi+f6EPcJBIvPikeELrsMRhO656YXyGT3/QGapz0W0ANGSqd?= =?iso-8859-1?Q?/3xiGPuuPBHaZsXRWHhcEzcND3F5qIvsQdhCRSiBHRROaHoy5tn/hwrRc9?= =?iso-8859-1?Q?TmocDntagdIOUPXbY?= x-microsoft-antispam-prvs: x-forefront-prvs: 0954EE4910 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(366004)(376002)(346002)(136003)(396003)(39840400004)(189003)(199004)(106356001)(486006)(25786009)(68736007)(186003)(81156014)(8676002)(99286004)(6512007)(66066001)(8936002)(102836004)(50226002)(5660300002)(508600001)(2501003)(26005)(105586002)(305945005)(2616005)(476003)(386003)(6506007)(7736002)(14444005)(256004)(81166006)(97736004)(6916009)(3846002)(6116002)(2906002)(71200400001)(316002)(36756003)(2351001)(71190400001)(52116002)(53936002)(86362001)(14454004)(6436002)(6486002)(1076003)(5640700003)(4744005);DIR:OUT;SFP:1102;SCL:1;SRVR:BN6PR15MB1746;H:BN6PR15MB1507.namprd15.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: tresys.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: r8eDs0D7eoyyuAcnOZ/YkehTK65FTnOYztCRt6tJXFsdVQQxFVRwLVnb56ZwJi0iKPUdproZHky/93Vb+ZuiGT1+mwd9SOwaggadvaBEuhsQF0H4/Mxy3OuqKIADcBx6eOBMdGmDBwI0/JXxFkKtL6xOlzgJQUKGI56BMx7yi7MyCoMcGBOETQok4PQlK/grwMDnnt6TkJNi6UjzH4WH1aULXye++JJeWt5YGXIY5lHbUKNVTizEG2sf8R++/pxKuYcf4YlftGbnb9hHQC8spv3Tck8CUsvtSWy3EAQL/wzgw5a8+y5NPIt6KYKgxXw4hs6MDklOTxhhQeJqw4d3Z/0/C5cZKR9txdO1pCyBVJdK/orthtkjXs+IOOD3oUCPken7psnEOBD/vv24W5EiR4d6HyPYSMDro0Vkj0Hk8GA= Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: tresys.com X-MS-Exchange-CrossTenant-Network-Message-Id: 892e7f1e-21df-464d-deb0-08d69751be13 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Feb 2019 16:37:45.6041 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-id: a0d45667-6c07-4e88-868f-4ac9af95c7ed X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR15MB1746 Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org Updated based on feedback. Signed-off-by: Dave Sugar --- policy/modules/system/logging.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/system/logging.if b/policy/modules/system/loggi= ng.if index 16091eb6..c86c4bd9 100644 --- a/policy/modules/system/logging.if +++ b/policy/modules/system/logging.if @@ -427,6 +427,25 @@ interface(`logging_domtrans_syslog',` ') ') =20 +######################################## +## +## Allow specified domain to check status of syslog unit +## +## +## +## Domain allowed access. +## +## +# +interface(`logging_status_syslog',` + gen_require(` + type syslogd_unit_t; + class service status; + ') + + allow $1 syslogd_unit_t:service status; +') + ######################################## ## ## Set the attributes of syslog temporary files. --=20 2.20.1