From: aranea@aixah.de (Luis Ressel)
Date: Mon, 18 Nov 2013 20:11:25 +0100
Subject: [refpolicy] [PATCH] Label /etc/cron.daily/logrotate correctly.
In-Reply-To: <1384692787-9565-1-git-send-email-aranea@aixah.de>
References: <1384692787-9565-1-git-send-email-aranea@aixah.de>
Message-ID: <20131118201125.2cb765ac@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

For this to work, can_exec(logrotate_t, logrotate_exec_t) is also
required.

Btw: "allow logrotate_t self:process ~{ ptrace setcurrent setexec
setrlimit execmem execstack execheap };" (currently in
contrib/logrotate.te) sounds a bit much to me...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20131118/2ecaa8f8/attachment.bin