From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 24 Aug 2011 10:16:24 -0400
Subject: [refpolicy] [PATCH 1/1] Allow userdomains to send syslog messages
In-Reply-To: <20110824135105.GB25303@localhost.localdomain>
References: <20110823105722.GA2352@siphos.be> <4E54F828.8020200@tresys.com> <20110824131507.GA25303@localhost.localdomain> <4E54FF76.2040804@tresys.com> <20110824135105.GB25303@localhost.localdomain>
Message-ID: <4E5507B8.3080609@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/24/11 09:51, Dominick Grift wrote:
> On Wed, Aug 24, 2011 at 09:41:10AM -0400, Christopher J. PeBenito wrote:
>> On 08/24/11 09:15, Dominick Grift wrote:
>>> On Wed, Aug 24, 2011 at 09:10:00AM -0400, Christopher J. PeBenito wrote:
>>>> On 08/23/11 06:57, Sven Vermeulen wrote:
> ... snip ...
>>> I do, the git-daemon run by users can be configured to use syslog. I allowed this by default in my git policy. Would you prefer a boolean "git_session_daemon_can_syslog" instead of allowing it by default?
>>
>> That's a different domain. I'm speaking of unpriv user domains user_t,
>> staff_t, etc.
>
> Until a git (session) daemon domain is implemented it runs in the unprivileged user domain.

Ok. I don't see this as a good reason to allow this. A user running a daemon should be logging to their home directory.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com