From: dwalsh@redhat.com (Daniel J Walsh) Date: Thu, 06 Sep 2012 15:37:10 -0400 Subject: [refpolicy] [PATCH v2 2/4] Allow syslogd to create /var/lib/syslog and /var/lib/misc/syslog-ng.persist In-Reply-To: <20120906191501.GA9722@siphos.be> References: <1346952938-9358-1-git-send-email-sven.vermeulen@siphos.be> <1346952938-9358-3-git-send-email-sven.vermeulen@siphos.be> <1346957238.15262.90.camel@d30.localdomain> <20120906191501.GA9722@siphos.be> Message-ID: <5048FB66.60908@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/06/2012 03:15 PM, Sven Vermeulen wrote: > On Thu, Sep 06, 2012 at 08:47:18PM +0200, Dominick Grift wrote: >> On Thu, 2012-09-06 at 19:35 +0200, Sven Vermeulen wrote: >>> If the /var/lib/syslog directory does not exist, then syslog-ng >>> (running in syslogd_t) will attempt to create the directory. >> >>> +files_var_lib_filetrans(syslogd_t, syslogd_var_lib_t, { file dir }) >> >> Why file trans on a file? > > You asked that the previous time as well (at least you're consistent ;-) > and I hoped a bit that the commit information (and the mail reply) was > sufficient. > > The file transition is for /var/lib/misc/syslog-ng.persist (and > /var/lib/misc/syslog-ng.persist-) as the /var/lib/misc location itself is > still var_lib_t. > > Wkr, Sven Vermeulen _______________________________________________ > refpolicy mailing list refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > /var/lib/misc should just die a horrible death. /var/lib itself is misc. syslog should store its content under /var/lib/syslog. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBI+2YACgkQrlYvE4MpobOWeACcCXEHPxEf97w4i3MbYw+yb5aw q3IAoNeTPB6MFENf0kOtlAbk3LXQCoox =40Ns -----END PGP SIGNATURE-----