From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Wed, 24 Aug 2011 21:50:06 +0200 Subject: [refpolicy] [PATCH 1/1] Allow userdomains to send syslog messages In-Reply-To: <4E54F828.8020200@tresys.com> References: <20110823105722.GA2352@siphos.be> <4E54F828.8020200@tresys.com> Message-ID: <20110824195005.GA3011@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, Aug 24, 2011 at 09:10:00AM -0400, Christopher J. PeBenito wrote: > On 08/23/11 06:57, Sven Vermeulen wrote: > > Some applications that run within the user domain send messages to the syslog > > daemon (for instance through the syslog() function). This patch allows the > > userdomain to write to the devlog_t socket and interact properly with the > > syslog daemon. > > Do you have some examples? My initial reaction is definitely not > merged, as I don't want users to be able to flood the system logs. > The one that triggered the creation of the patch was to support bashlogger (feature of bash that logs all activity to the system logger). Another one we had a way back (but I just informed the user how to allow it for himself then) was for a chat client (i think it was weechatter, but the case was applicable to others as well) configured to log things to the system log. I don't mind if this is deemed a bit too intrusive for regular purposes. Wkr, Sven Vermeulen