From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 29 Oct 2012 20:16:56 +0100
Subject: [refpolicy] [PATCH 1/1] Allow system logger to write to cron log
	files
Message-ID: <20121029191656.GA14388@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The system logger is responsible for writing log events in various log files.
Some of these log files are not labeled as var_log_t, but have their domains'
specific logging type set. One of these is cron_log_t.

Allow syslogd_t to write to the cron log files, and introduce a file transition
when the file is just created.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/logging.te |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 696e0c8..b16ddac 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -490,6 +490,13 @@ optional_policy(`
 ')
 
 optional_policy(`
+	cron_create_log_files(syslogd_t)
+	cron_generic_log_filetrans_log(syslogd_t, file, "cron.log")
+	cron_setattr_log_files(syslogd_t)
+	cron_write_log_files(syslogd_t)
+')
+
+optional_policy(`
 	inn_manage_log(syslogd_t)
 ')
 
-- 
1.7.8.6