From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 16 Aug 2013 13:30:33 +0200
Subject: [refpolicy] [PATCH 1/2] Grant write privileges to squid on its log files
In-Reply-To: <1376634106-16328-2-git-send-email-sven.vermeulen@siphos.be>
References: <1376634106-16328-1-git-send-email-sven.vermeulen@siphos.be> <1376634106-16328-2-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1376652633.3531.3.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2013-08-16 at 08:21 +0200, Sven Vermeulen wrote:
> The squid daemon currently seems to require write privileges on the files
> (squid_log_t) - append no longer cuts it. This is confirmed for both the
> cache.log file as well as the netdb.state file.

Merged with changes, thanks

You might as well use a single manage_files_pattern now

>
> Switching append_files_pattern to write_files_pattern.
>
> Signed-off-by: Sven Vermeulen
> ---
> squid.te | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/squid.te b/squid.te > index 991d7ea..ae41c6c 100644 > --- a/squid.te > +++ b/squid.te > @@ -74,7 +74,7 @@ allow squid_t squid_conf_t:file read_file_perms; > allow squid_t squid_conf_t:lnk_file read_lnk_file_perms; > > manage_dirs_pattern(squid_t, squid_log_t, squid_log_t) > -append_files_pattern(squid_t, squid_log_t, squid_log_t) > +write_files_pattern(squid_t, squid_log_t, squid_log_t) > create_files_pattern(squid_t, squid_log_t, squid_log_t) > setattr_files_pattern(squid_t, squid_log_t, squid_log_t) > manage_lnk_files_pattern(squid_t, squid_log_t, squid_log_t)
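
Review bot: The changed line, write_files_pattern(squid_t, squid_log_t, squid_log_t), lifts the append-only restriction for every file labelled squid_log_t, but neither the commit message nor the policy records which squid operation is denied under append. Append-only access is what stops a compromised squid_t from overwriting log entries that already exist, so the reason for giving it up should be stated, ideally as a comment directly above the line in squid.te that names the two files mentioned in the description (cache.log and netdb.state). It is also worth checking whether netdb.state could carry a type of its own, so that cache.log can stay append-only and write access is confined to the state file. If the rule is later folded into a single manage_files_pattern as suggested in the reply, note that this additionally grants read, rename and unlink on these files, which goes beyond what the description says squid needs.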