From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 11 Jun 2014 10:13:44 -0400
Subject: [refpolicy] [PATCH v2] apache.te: Add labelling support for
	/var/log/mlogc
In-Reply-To: <1402413767-23181-1-git-send-email-andronicus.spiros@gmail.com>
References: <1402413767-23181-1-git-send-email-andronicus.spiros@gmail.com>
Message-ID: <53986418.5020501@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/10/2014 11:22 AM, Elia Pinto wrote:
> Add the right labelling support for the
> ModSecurity Audit Log Collector(mlogc).
> mlogc is started by apache and run with the
> same selinux security context.
> 
> Signed-off-by: Elia Pinto <andronicus.spiros@gmail.com>
> ---
> This is the second revision. httpd_log_t context was not 
> sufficient for mlogc
 
Why was httpd_log_t insufficient for mlogc?


> diff --git a/apache.fc b/apache.fc
> index 4e90b04..ec0c0fb 100644
> --- a/apache.fc
> +++ b/apache.fc
> @@ -125,6 +125,7 @@ ifdef(`distro_suse',`
>  /var/log/cherokee(/.*)?	gen_context(system_u:object_r:httpd_log_t,s0)
>  /var/log/dirsrv/admin-serv(/.*)?	gen_context(system_u:object_r:httpd_log_t,s0)
>  /var/log/glpi(/.*)?	gen_context(system_u:object_r:httpd_log_t,s0)
> +/var/log/mlogc(/.*)?	gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
>  /var/log/httpd(/.*)?	gen_context(system_u:object_r:httpd_log_t,s0)
>  /var/log/horde2(/.*)?	gen_context(system_u:object_r:httpd_log_t,s0)
>  /var/log/lighttpd(/.*)?	gen_context(system_u:object_r:httpd_log_t,s0)
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com