From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sat, 17 Nov 2012 21:58:48 +0100 Subject: [refpolicy] [PATCH v1 2/9] Introducing cron_manage_log_files interface In-Reply-To: <1353185935-17421-1-git-send-email-sven.vermeulen@siphos.be> References: <1353185935-17421-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1353185935-17421-3-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The metalog system logger also tackles rotation and clean-up of log files it manages. Hence, it requires manage privileges on these log files. Cron log files are an example of this, so we introduce the cron_manage_log_files interface. Added a logging_search_logs() call as per Dominick's suggestion. Signed-off-by: Sven Vermeulen --- cron.if | 21 +++++++++++++++++++++ 1 files changed, 21 insertions(+), 0 deletions(-) diff --git a/cron.if b/cron.if index a1ecb7f..51f372d 100644 --- a/cron.if +++ b/cron.if @@ -463,6 +463,27 @@ interface(`cron_write_log_files',` ######################################## ## +## Create, read, write and delete +## cron log files. +## +## +## +## Domain allowed access. +## +## +# +interface(`cron_manage_log_files',` + gen_require(` + type cron_log_t; + ') + + manage_files_pattern($1, cron_log_t, cron_log_t) + + logging_search_logs($1) +') + +######################################## +## ## Create specified objects in generic ## log directories with the cron log file type. ## -- 1.7.8.6
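Review bot: In the body of cron_manage_log_files, `manage_files_pattern($1, cron_log_t, cron_log_t)` names cron_log_t as the directory type as well as the file type, so the create and delete permissions only take effect for files that sit inside a directory labelled cron_log_t. For a cron log placed directly in the generic log directory, `logging_search_logs($1)` adds search access only, and the rotation and clean-up described in the commit message would still be denied on the parent directory. Consider stating in the interface summary that the caller needs write access to the generic log directory, and the file-transition interface that follows in cron.if, when the logs are not kept in a cron_log_t directory. Since manage access includes deleting and rewriting cron logs, the summary could also say that the interface is meant for log-managing domains such as the system logger. As a style point, `logging_search_logs($1)` would read more naturally before the `manage_files_pattern` line, so the path traversal rule comes ahead of the rule on the target type.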