From: aranea@aixah.de (Luis Ressel)
Date: Mon, 11 Aug 2014 15:11:38 +0200
Subject: [refpolicy] syslog-ng.ctl
Message-ID: <20140811151138.1ecc35ef@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

In refpolicy's system/logging.fc, there's a rule to label the
file /var/run/syslog-ng.ctl as syslogd_var_run_t. However, newer
syslog-ng versions don't create a file at that path, but a unix domain
socket. That socket is labeled devlog_t via a domtrans.

However, I think that socket shouldn't have that context. It can be
used to control some syslog-ng settings with the syslog-ng-ctl command
line tool, and the many applications which are allowed to log messages
to the syslog (via a devlog_t socket) shouldn't be granted that access.

I'm not sure how to handle this, because a simple fc rule won't do --
there also has to be an appropriate domtrans, and furthermore, I'm not
sure about the interaction between sock_file's and
unix_{dgram,stream}_socket's.

What do you think?


Regards,
Luis Ressel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20140811/a9b2747d/attachment.bin