From: andronicus.spiros@gmail.com (Elia Pinto) Date: Wed, 11 Jun 2014 16:55:14 +0200 Subject: [refpolicy] [PATCH v2] apache.te: Add labelling support for /var/log/mlogc In-Reply-To: <53986418.5020501@tresys.com> References: <1402413767-23181-1-git-send-email-andronicus.spiros@gmail.com> <53986418.5020501@tresys.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Il 11/giu/2014 16:12 "Christopher J. PeBenito" ha scritto: > > On 06/10/2014 11:22 AM, Elia Pinto wrote: > > Add the right labelling support for the > > ModSecurity Audit Log Collector(mlogc). > > mlogc is started by apache and run with the > > same selinux security context. > > > > Signed-off-by: Elia Pinto > > --- > > This is the second revision. httpd_log_t context was not > > sufficient for mlogc > > Why was httpd_log_t insufficient for mlogc? In particular Because mlogc create new directory in /var/log/mlogc also. Thanks Best regards > > > > diff --git a/apache.fc b/apache.fc > > index 4e90b04..ec0c0fb 100644 > > --- a/apache.fc > > +++ b/apache.fc > > @@ -125,6 +125,7 @@ ifdef(`distro_suse',` > > /var/log/cherokee(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) > > /var/log/dirsrv/admin-serv(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) > > /var/log/glpi(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) > > +/var/log/mlogc(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) > > /var/log/httpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) > > /var/log/horde2(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) > > /var/log/lighttpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) > > > > > -- > Chris PeBenito > Tresys Technology, LLC > www.tresys.com | oss.tresys.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20140611/48364377/attachment.html