From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 6 Sep 2012 21:15:02 +0200
Subject: [refpolicy] [PATCH v2 2/4] Allow syslogd to create
 /var/lib/syslog and /var/lib/misc/syslog-ng.persist
In-Reply-To: <1346957238.15262.90.camel@d30.localdomain>
References: <1346952938-9358-1-git-send-email-sven.vermeulen@siphos.be>
	<1346952938-9358-3-git-send-email-sven.vermeulen@siphos.be>
	<1346957238.15262.90.camel@d30.localdomain>
Message-ID: <20120906191501.GA9722@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, Sep 06, 2012 at 08:47:18PM +0200, Dominick Grift wrote:
> On Thu, 2012-09-06 at 19:35 +0200, Sven Vermeulen wrote:
> > If the /var/lib/syslog directory does not exist, then syslog-ng (running in
> > syslogd_t) will attempt to create the directory.
> 
> > +files_var_lib_filetrans(syslogd_t, syslogd_var_lib_t, { file dir })
> 
>  Why file trans on a file?

You asked that the previous time as well (at least you're consistent ;-) and
I hoped a bit that the commit information (and the mail reply) was
sufficient.

The file transition is for /var/lib/misc/syslog-ng.persist (and
/var/lib/misc/syslog-ng.persist-) as the /var/lib/misc location itself is
still var_lib_t.

Wkr,
	Sven Vermeulen