From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 27 Nov 2012 09:28:30 -0500 Subject: [refpolicy] [PATCH 1/1] Remove generic log label for cron location In-Reply-To: <20121112215737.GA28692@siphos.be> References: <20121112215737.GA28692@siphos.be> Message-ID: <50B4CE0E.8080400@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/12/12 16:57, Sven Vermeulen wrote: > The /var/log/cron[^/]* line in the context definition takes higher precedence > than the /var/log/cron.* line in the cron.fc file. As a result, when > /var/log/cron.log is created it gets relabeled to var_log_t instead of staying > with the cron_log_t type it should be. > > Removing the line so that the definitions in cron.log are used. Merged. > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/logging.fc | 1 - > 1 files changed, 0 insertions(+), 1 deletions(-) > > diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc > index bcc960b..b50c5fe 100644 > --- a/policy/modules/system/logging.fc > +++ b/policy/modules/system/logging.fc > @@ -41,7 +41,6 @@ ifdef(`distro_suse', ` > /var/log/boot\.log -- gen_context(system_u:object_r:var_log_t,mls_systemhigh) > /var/log/messages[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) > /var/log/secure[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) > -/var/log/cron[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) > /var/log/maillog[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) > /var/log/spooler[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) > /var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,mls_systemhigh) > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com