From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 10 Nov 2012 17:52:03 +0100
Subject: [refpolicy] [PATCH 1/2] Allow syslogger to manage cron log files
In-Reply-To: <1352566324-17831-1-git-send-email-sven.vermeulen@siphos.be>
References: <1352566324-17831-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1352566324-17831-2-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Some cron daemons, including vixie-cron, support using the system logger for
handling their logging events. Hence we allow syslogd_t to manage the cron logs,
and put a file transition in place for the system logger when it creates the
cron.log file.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/logging.te |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 72d67ad..091db87 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -490,6 +490,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+	cron_manage_log(syslogd_t)
+	cron_generic_log_filetrans_log(syslogd_t, file, "cron.log")
+')
+
+optional_policy(`
 	inn_manage_log(syslogd_t)
 ')
 
-- 
1.7.8.6