From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 2 Jul 2012 10:47:07 -0400 Subject: [refpolicy] [PATCH v2 1/6] Support log location for init script logging In-Reply-To: <1340911046-30441-2-git-send-email-sven.vermeulen@siphos.be> References: <1340911046-30441-1-git-send-email-sven.vermeulen@siphos.be> <1340911046-30441-2-git-send-email-sven.vermeulen@siphos.be> Message-ID: <4FF1B46B.8010800@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 06/28/12 15:17, Sven Vermeulen wrote: > Recent init script packages allow for logging init script progress (service > start/stop state information, sometimes even duration, etc.) so we introduce an > initrc_var_log_t logtype and allow initrc_t to manage this. > > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/init.te | 6 ++++++ > 1 files changed, 6 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te > index 5fb9683..9fdd704 100644 > --- a/policy/modules/system/init.te > +++ b/policy/modules/system/init.te > @@ -74,6 +74,9 @@ files_type(initrc_state_t) > type initrc_tmp_t; > files_tmp_file(initrc_tmp_t) > > +type initrc_var_log_t; > +logging_log_file(initrc_var_log_t) > + > type initrc_var_run_t; > files_pid_file(initrc_var_run_t) > > @@ -255,6 +258,9 @@ manage_dirs_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t) > manage_lnk_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t) > files_tmp_filetrans(initrc_t, initrc_tmp_t, { file dir }) > > +manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t) > +logging_log_filetrans(initrc_t, initrc_var_log_t, dir) > + > init_write_initctl(initrc_t) > > kernel_read_system_state(initrc_t) Oops, I missed you had a v2. Same thing I said for v1, no file access. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com