From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 27 May 2015 14:51:09 -0400
Subject: [refpolicy] [PATCH 1/2] logging: use init_startstop_service in
 _admin interface
In-Reply-To: <1432546436-17885-1-git-send-email-jason@perfinion.com>
References: <1432546436-17885-1-git-send-email-jason@perfinion.com>
Message-ID: <5566121D.4040501@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 5/25/2015 5:33 AM, Jason Zaman wrote:
> The logging_admin interfaces had rules for RedHat sysvinit. This
> replaces them with the interface init_startstop_service which can
> easily be changed for other init systems.

Merged.


> ---
>  policy/modules/system/logging.if | 10 ++--------
>  1 file changed, 2 insertions(+), 8 deletions(-)
> 
> diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
> index a40714e..7fd0c41 100644
> --- a/policy/modules/system/logging.if
> +++ b/policy/modules/system/logging.if
> @@ -1003,10 +1003,7 @@ interface(`logging_admin_audit',`
>  
>  	logging_run_auditctl($1, $2)
>  
> -	init_labeled_script_domtrans($1, auditd_initrc_exec_t)
> -	domain_system_change_exemption($1)
> -	role_transition $2 auditd_initrc_exec_t system_r;
> -	allow $2 system_r;
> +	init_startstop_service($1, $2, auditd_t, auditd_initrc_exec_t)
>  ')
>  
>  ########################################
> @@ -1061,10 +1058,7 @@ interface(`logging_admin_syslog',`
>  
>  	logging_manage_all_logs($1)
>  
> -	init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
> -	domain_system_change_exemption($1)
> -	role_transition $2 syslogd_initrc_exec_t system_r;
> -	allow $2 system_r;
> +	init_startstop_service($1, $2, syslogd_t, syslogd_initrc_exec_t)
>  ')
>  
>  ########################################
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com