From: dominick.grift@gmail.com (Dominick Grift) Date: Wed, 14 Nov 2012 19:09:28 +0100 Subject: [refpolicy] [PATCH 1/5] Introducing cron_manage_log_files interface In-Reply-To: <1352566218-17772-2-git-send-email-sven.vermeulen@siphos.be> References: <1352566218-17772-1-git-send-email-sven.vermeulen@siphos.be> <1352566218-17772-2-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1352916568.3654.5.camel@d30.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sat, 2012-11-10 at 17:50 +0100, Sven Vermeulen wrote: > The metalog system logger also tackles rotation and clean-up of log files it > manages. Hence, it requires manage privileges on these log files. Cron log files > are an example of this, so we introduce the cron_manage_log_files interface. > > See also https://bugs.gentoo.org/show_bug.cgi?id=440128 > > Signed-off-by: Sven Vermeulen > --- > cron.if | 20 ++++++++++++++++++++ > 1 files changed, 20 insertions(+), 0 deletions(-) > > diff --git a/cron.if b/cron.if > index a1ecb7f..760180c 100644 > --- a/cron.if > +++ b/cron.if > @@ -463,6 +463,26 @@ interface(`cron_write_log_files',` > > ######################################## > ## > +## Create, read, write and delete > +## cron log files. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`cron_manage_log_files',` > + gen_require(` > + type cron_log_t; > + ') > + Needs a logging_search_logs($1) in my view > + manage_files_pattern($1, cron_log_t, cron_log_t) > +') > + > + > +######################################## > +## > ## Create specified objects in generic > ## log directories with the cron log file type. > ##
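Review bot: in the body of cron_manage_log_files, manage_files_pattern($1, cron_log_t, cron_log_t) is the only rule, so the interface grants nothing for traversing the generic log directories that the neighbouring interface's comment names as the place where cron log files are created. A caller that does not already hold that search permission from another interface cannot reach the files it is now allowed to manage. Adding logging_search_logs($1) ahead of the pattern, as the reply above suggests, would make the interface self-sufficient. As a style point, the hunk adds two blank lines after the closing ') where the context at the top of the hunk shows a single blank line between an interface and the next separator.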