> +## Allow the specified domain to read generic > +## files in /bin. These files are various program > +## files that do not have more specific SELinux types. > +##
> +##> +## Search the /var/log directory. This is > +## necessary to access files or directories under > +## /var/log that have a private type. For example, a > +## domain accessing a private log file in the > +## /var/log directory: > +##
> +##> +## allow mydomain_t mylogfile_t:file read_file_perms; > +## files_search_var_log(mydomain_t) > +##
> +##