From: dominick.grift@gmail.com (grift)
Date: Tue, 27 Nov 2012 14:58:19 +0100
Subject: [refpolicy] [PATCH 1/2] Allow syslogger to manage cron log files
In-Reply-To: <1352566324-17831-2-git-send-email-sven.vermeulen@siphos.be>
References: <1352566324-17831-1-git-send-email-sven.vermeulen@siphos.be>
	<1352566324-17831-2-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1354024699.1888.19.camel@localhost>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, 2012-11-10 at 17:52 +0100, Sven Vermeulen wrote:
> Some cron daemons, including vixie-cron, support using the system logger for
> handling their logging events. Hence we allow syslogd_t to manage the cron logs,
> and put a file transition in place for the system logger when it creates the
> cron.log file.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/system/logging.te |    5 +++++
>  1 files changed, 5 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> index 72d67ad..091db87 100644
> --- a/policy/modules/system/logging.te
> +++ b/policy/modules/system/logging.te
> @@ -490,6 +490,11 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	cron_manage_log(syslogd_t)

There is a cron_manage_log_files()

> +	cron_generic_log_filetrans_log(syslogd_t, file, "cron.log")
> +')
> +
> +optional_policy(`
>  	inn_manage_log(syslogd_t)
>  ')
>