From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 12 Nov 2012 22:57:37 +0100
Subject: [refpolicy] [PATCH 1/1] Remove generic log label for cron location
Message-ID: <20121112215737.GA28692@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The /var/log/cron[^/]* line in the context definition takes higher precedence
than the /var/log/cron.* line in the cron.fc file. As a result, when
/var/log/cron.log is created it gets relabeled to var_log_t instead of staying
with the cron_log_t type it should be.

Removing the line so that the definitions in cron.log are used.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/logging.fc |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
index bcc960b..b50c5fe 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
@@ -41,7 +41,6 @@ ifdef(`distro_suse', `
 /var/log/boot\.log	--	gen_context(system_u:object_r:var_log_t,mls_systemhigh)
 /var/log/messages[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
 /var/log/secure[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-/var/log/cron[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
 /var/log/maillog[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
 /var/log/spooler[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
 /var/log/audit(/.*)?		gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
-- 
1.7.8.6