From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 23 Aug 2011 12:57:22 +0200
Subject: [refpolicy] [PATCH 1/1] Allow userdomains to send syslog messages
Message-ID: <20110823105722.GA2352@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Some applications that run within the user domain send messages to the syslog
daemon (for instance through the syslog() function). This patch allows the
userdomain to write to the devlog_t socket and interact properly with the
syslog daemon.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/userdomain.if |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index c6d3cc8..17abfcf 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -965,6 +965,8 @@ template(`userdom_unpriv_user_template', `
 	# cjp: why?
 	files_read_kernel_symbol_table($1_t)
 
+	logging_send_syslog_msg($1_t)
+
 	ifndef(`enable_mls',`
 		fs_exec_noxattr($1_t)
 
-- 
1.7.3.4