From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 2 Jul 2012 10:45:13 -0400 Subject: [refpolicy] [PATCH 1/6] Support log location for init script logging In-Reply-To: <1340833933-27811-2-git-send-email-sven.vermeulen@siphos.be> References: <1340833933-27811-1-git-send-email-sven.vermeulen@siphos.be> <1340833933-27811-2-git-send-email-sven.vermeulen@siphos.be> Message-ID: <4FF1B3F9.5030100@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 06/27/12 17:52, Sven Vermeulen wrote: > Recent init script packages allow for logging init script progress (service > start/stop state information, sometimes even duration, etc.) so we introduce an > initrc_var_log_t logtype and allow initrc_t to manage this. > > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/init.te | 6 ++++++ > 1 files changed, 6 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te > index 5fb9683..9fdd704 100644 > --- a/policy/modules/system/init.te > +++ b/policy/modules/system/init.te > @@ -74,6 +74,9 @@ files_type(initrc_state_t) > type initrc_tmp_t; > files_tmp_file(initrc_tmp_t) > > +type initrc_var_log_t; > +logging_log_file(initrc_var_log_t) > + > type initrc_var_run_t; > files_pid_file(initrc_var_run_t) > > @@ -255,6 +258,9 @@ manage_dirs_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t) > manage_lnk_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t) > files_tmp_filetrans(initrc_t, initrc_tmp_t, { file dir }) > > +manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t) > +logging_log_filetrans(initrc_t, initrc_var_log_t, dir) > + > init_write_initctl(initrc_t) > > kernel_read_system_state(initrc_t) This only adds directory rules, not file rules, so this doesn't appear to work. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
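Review bot: in the first hunk (@@ -74,6 +74,9 @@), initrc_var_log_t is declared with no comment and no matching file-context entry, and the diffstat lists init.te as the only file changed. State which log path the init script packages write to, in the commit message or in a comment above the type, and add that path to the module's file contexts. Otherwise the label exists only through the type transition at creation time, and a relabel would reset it.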
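Review bot: in the second hunk (@@ -255,6 +258,9 @@), initrc_t gets manage_dirs_pattern on initrc_var_log_t and a logging_log_filetrans limited to dir, with nothing for the file class, so the init scripts can create the log directory but cannot create or write a log file inside it. Add a file rule beside the directory rule, for example manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t), or, since these are logs, the narrower create_files_pattern plus append_files_pattern. If the log can also be a single file directly under the log directory, the filetrans class set needs file as well, as the initrc_tmp_t context line does with { file dir }.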