LinuxLists.cc - [refpolicy] [PATCH 1/1] Generalize syslog-ng pattern for syslogd_var_run

2013-10-21 18:37:20

Subject: [refpolicy] [PATCH 1/1] Generalize syslog-ng pattern for syslogd_var_run_t

On Gentoo, /var/run/syslog-ng.ctl is a socket, and there's also
/var/run/syslog-ng.pid, therefore the current pattern doesn't work.

Signed-off-by: Luis Ressel <[email protected]>
Acked-by: Sven Vermeulen <[email protected]>
---
policy/modules/system/logging.fc | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
index b50c5fe..e9a6713 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
@@ -63,8 +63,7 @@ ifdef(`distro_redhat',`
/var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
/var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
/var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,mls_systemhigh)
-/var/run/syslog-ng.ctl -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
-/var/run/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_run_t,s0)
+/var/run/syslog-ng(.*)? gen_context(system_u:object_r:syslogd_var_run_t,s0)

/var/spool/audit(/.*)? gen_context(system_u:object_r:audit_spool_t,mls_systemhigh)
/var/spool/bacula/log(/.*)? gen_context(system_u:object_r:var_log_t,s0)
--
1.8.1.5

2013-11-13 14:15:18

by cpebenito

[permalink] [raw]

Subject: [refpolicy] [PATCH 1/1] Generalize syslog-ng pattern for syslogd_var_run_t

On Mon Oct 21 14:37:20 2013, Sven Vermeulen wrote:
>
> On Gentoo, /var/run/syslog-ng.ctl is a socket, and there's also
> /var/run/syslog-ng.pid, therefore the current pattern doesn't work.
>
> Signed-off-by: Luis Ressel <[email protected]>
> Acked-by: Sven Vermeulen <[email protected]>
> ---
> policy/modules/system/logging.fc | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
> index b50c5fe..e9a6713 100644
> --- a/policy/modules/system/logging.fc
> +++ b/policy/modules/system/logging.fc
> @@ -63,8 +63,7 @@ ifdef(`distro_redhat',`
> /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
> /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
> /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,mls_systemhigh)
> -/var/run/syslog-ng.ctl -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
> -/var/run/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_run_t,s0)
> +/var/run/syslog-ng(.*)? gen_context(system_u:object_r:syslogd_var_run_t,s0)

(.*)? is the same as .*

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com