From: dac.override@gmail.com (Dominick Grift)
Date: Sat, 23 Aug 2014 16:29:26 +0200
Subject: [refpolicy] [PATCH 3/8] Label systemd-journald files and
 directories
In-Reply-To: <1408802382-10212-4-git-send-email-nicolas.iooss@m4x.org>
References: <1408802382-10212-1-git-send-email-nicolas.iooss@m4x.org>
	<1408802382-10212-4-git-send-email-nicolas.iooss@m4x.org>
Message-ID: <20140823142925.GA2492@e145.network2>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, Aug 23, 2014 at 03:59:37PM +0200, Nicolas Iooss wrote:
> ---
>  policy/modules/system/logging.fc | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
> index 374fb53ee0fd..fc3c0854f5a7 100644
> --- a/policy/modules/system/logging.fc
> +++ b/policy/modules/system/logging.fc
> @@ -1,4 +1,5 @@
>  /dev/log		-s	gen_context(system_u:object_r:devlog_t,mls_systemhigh)
> +/dev/log		-l	gen_context(system_u:object_r:devlog_t,mls_systemhigh)
>  

The solution I chose for my personal policy is to just keep the links
device_t. In my opinion it keeps things a bit simpler.

I may be overlooking an compelling argument to label the link with
a private type.

-- 
http://subkeys.pgp.net:11371/pks/lookup?search=0x02DFF788&op=index
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 648 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20140823/9b6f9549/attachment.bin