From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 24 Aug 2011 09:10:00 -0400
Subject: [refpolicy] [PATCH 1/1] Allow userdomains to send syslog messages
In-Reply-To: <20110823105722.GA2352@siphos.be>
References: <20110823105722.GA2352@siphos.be>
Message-ID: <4E54F828.8020200@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/23/11 06:57, Sven Vermeulen wrote:
> Some applications that run within the user domain send messages to the syslog
> daemon (for instance through the syslog() function). This patch allows the
> userdomain to write to the devlog_t socket and interact properly with the
> syslog daemon.

Do you have some examples? My initial reaction is definitely not merged, as I don't want users to be able to flood the system logs.

> Signed-off-by: Sven Vermeulen
> --- > policy/modules/system/userdomain.if | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if > index c6d3cc8..17abfcf 100644 > --- a/policy/modules/system/userdomain.if > +++ b/policy/modules/system/userdomain.if > @@ -965,6 +965,8 @@ template(`userdom_unpriv_user_template', ` > # cjp: why? > files_read_kernel_symbol_table($1_t) > > + logging_send_syslog_msg($1_t) > + > ifndef(`enable_mls',` > fs_exec_noxattr($1_t) >

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
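
Review bot: the added logging_send_syslog_msg($1_t) in the userdom_unpriv_user_template hunk is unconditional and carries no comment, so every unprivileged user domain built from this template gains the ability to send to the syslog daemon, which is exactly the log-flooding exposure raised in the reply. Consider granting the access only to the specific application domains that call syslog(), or placing the call behind a tunable that defaults to off, and add a comment naming the applications that need it. The neighbouring line above already carries an unanswered "# cjp: why?", so a new grant in this block should state its justification in the policy source rather than only in the commit message.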