From: pebenito@gentoo.org (Chris PeBenito) Date: Sat, 24 Apr 2010 08:03:02 -0400 Subject: [refpolicy] [PATCH 1/1] allow syslog-ng to setrlimit In-Reply-To: <1271399350-4256-1-git-send-email-gizmo@giz-works.com> References: <1271399350-4256-1-git-send-email-gizmo@giz-works.com> Message-ID: <1272110582.2828.2.camel@defiant> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, 2010-04-16 at 06:29 +0000, Chris Richards wrote: > syslog-ng wants to increase the number of permissible open files from 256 to 4096 on unix/linux systems. Merged. > Signed-off-by: Chris Richards > --- > policy/modules/system/logging.te | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te > index 1b05b64..5004241 100644 > --- a/policy/modules/system/logging.te > +++ b/policy/modules/system/logging.te > @@ -342,7 +342,8 @@ optional_policy(` > allow syslogd_t self:capability { dac_override sys_resource sys_tty_config net_admin sys_admin chown fsetid }; > dontaudit syslogd_t self:capability sys_tty_config; > # setpgid for metalog > -allow syslogd_t self:process { signal_perms setpgid }; > +# setrlimit for syslog-ng > +allow syslogd_t self:process { signal_perms setpgid setrlimit }; > # receive messages to be logged > allow syslogd_t self:unix_dgram_socket create_socket_perms; > allow syslogd_t self:unix_stream_socket create_stream_socket_perms; -- Chris PeBenito Developer, Hardened Gentoo Linux Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
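Review bot: The `setrlimit` permission added to the `allow syslogd_t self:process { ... }` line applies to the whole `syslogd_t` domain, so every logger running in it gets it (the context comment already names metalog), not only syslog-ng. The context line above also already grants `sys_resource` to the same domain, and the `setrlimit` permission itself is not restricted to the open-file limit. If a narrower grant is not practical in a shared domain, extend the new comment so the reason stays with the rule, for example `# setrlimit for syslog-ng (raises the open file limit from 256 to 4096)`, taking the numbers from the commit message.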