From: dwalsh@redhat.com (Daniel J Walsh)
Date: Thu, 06 Sep 2012 15:37:10 -0400
Subject: [refpolicy] [PATCH v2 2/4] Allow syslogd to create
 /var/lib/syslog and /var/lib/misc/syslog-ng.persist
In-Reply-To: <20120906191501.GA9722@siphos.be>
References: <1346952938-9358-1-git-send-email-sven.vermeulen@siphos.be>
	<1346952938-9358-3-git-send-email-sven.vermeulen@siphos.be>
	<1346957238.15262.90.camel@d30.localdomain>
	<20120906191501.GA9722@siphos.be>
Message-ID: <5048FB66.60908@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/06/2012 03:15 PM, Sven Vermeulen wrote:
> On Thu, Sep 06, 2012 at 08:47:18PM +0200, Dominick Grift wrote:
>> On Thu, 2012-09-06 at 19:35 +0200, Sven Vermeulen wrote:
>>> If the /var/lib/syslog directory does not exist, then syslog-ng
>>> (running in syslogd_t) will attempt to create the directory.
>> 
>>> +files_var_lib_filetrans(syslogd_t, syslogd_var_lib_t, { file dir })
>> 
>> Why file trans on a file?
> 
> You asked that the previous time as well (at least you're consistent ;-)
> and I hoped a bit that the commit information (and the mail reply) was 
> sufficient.
> 
> The file transition is for /var/lib/misc/syslog-ng.persist (and 
> /var/lib/misc/syslog-ng.persist-) as the /var/lib/misc location itself is 
> still var_lib_t.
> 
> Wkr, Sven Vermeulen _______________________________________________ 
> refpolicy mailing list refpolicy at oss.tresys.com 
> http://oss.tresys.com/mailman/listinfo/refpolicy
> 


/var/lib/misc should just die a horrible death.  /var/lib itself is misc.
syslog should store its content under /var/lib/syslog.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBI+2YACgkQrlYvE4MpobOWeACcCXEHPxEf97w4i3MbYw+yb5aw
q3IAoNeTPB6MFENf0kOtlAbk3LXQCoox
=40Ns
-----END PGP SIGNATURE-----