From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Fri, 16 Aug 2013 08:21:45 +0200
Subject: [refpolicy] [PATCH 1/2] Grant write privileges to squid on its log
	files
In-Reply-To: <1376634106-16328-1-git-send-email-sven.vermeulen@siphos.be>
References: <1376634106-16328-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1376634106-16328-2-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The squid daemon currently seems to require write privileges on the files
(squid_log_t) - append no longer cuts it. This is confirmed for both the
cache.log file as well as the netdb.state file.

Switching append_files_pattern to write_files_pattern.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 squid.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/squid.te b/squid.te
index 991d7ea..ae41c6c 100644
--- a/squid.te
+++ b/squid.te
@@ -74,7 +74,7 @@ allow squid_t squid_conf_t:file read_file_perms;
 allow squid_t squid_conf_t:lnk_file read_lnk_file_perms;
 
 manage_dirs_pattern(squid_t, squid_log_t, squid_log_t)
-append_files_pattern(squid_t, squid_log_t, squid_log_t)
+write_files_pattern(squid_t, squid_log_t, squid_log_t)
 create_files_pattern(squid_t, squid_log_t, squid_log_t)
 setattr_files_pattern(squid_t, squid_log_t, squid_log_t)
 manage_lnk_files_pattern(squid_t, squid_log_t, squid_log_t)
-- 
1.8.1.5