From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 24 Aug 2011 09:41:10 -0400 Subject: [refpolicy] [PATCH 1/1] Allow userdomains to send syslog messages In-Reply-To: <20110824131507.GA25303@localhost.localdomain> References: <20110823105722.GA2352@siphos.be> <4E54F828.8020200@tresys.com> <20110824131507.GA25303@localhost.localdomain> Message-ID: <4E54FF76.2040804@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/24/11 09:15, Dominick Grift wrote: > On Wed, Aug 24, 2011 at 09:10:00AM -0400, Christopher J. PeBenito wrote: >> On 08/23/11 06:57, Sven Vermeulen wrote: >>> Some applications that run within the user domain send messages to the syslog >>> daemon (for instance through the syslog() function). This patch allows the >>> userdomain to write to the devlog_t socket and interact properly with the >>> syslog daemon. >> >> Do you have some examples? My initial reaction is definitely not >> merged, as I don't want users to be able to flood the system logs. > > I do, the git-daemon run by users can be configured to use syslog. I allowed this by default in my git policy. Would you prefer a boolean "git_session_daemon_can_syslog" instead of allowing it by default? Thats a different domain. I'm speaking of unpriv user domains user_t, staff_t, etc. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com