From: gizmo@giz-works.com (Chris Richards) Date: Fri, 16 Apr 2010 06:29:10 +0000 Subject: [refpolicy] [PATCH 1/1] allow syslog-ng to setrlimit Message-ID: <1271399350-4256-1-git-send-email-gizmo@giz-works.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com syslog-ng wants to increase the number of permissible open files from 256 to 4096 on unix/linux systems. Signed-off-by: Chris Richards --- policy/modules/system/logging.te | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index 1b05b64..5004241 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -342,7 +342,8 @@ optional_policy(` allow syslogd_t self:capability { dac_override sys_resource sys_tty_config net_admin sys_admin chown fsetid }; dontaudit syslogd_t self:capability sys_tty_config; # setpgid for metalog -allow syslogd_t self:process { signal_perms setpgid }; +# setrlimit for syslog-ng +allow syslogd_t self:process { signal_perms setpgid setrlimit }; # receive messages to be logged allow syslogd_t self:unix_dgram_socket create_socket_perms; allow syslogd_t self:unix_stream_socket create_stream_socket_perms; -- 1.6.4.4