From: jwcart2@tycho.nsa.gov (James Carter)
Date: Wed, 11 Apr 2018 14:55:20 -0400
Subject: [refpolicy] [PATCH 3/8] Move the use of var_log_t from authlogin.fc
	to logging.fc
In-Reply-To: <20180411185525.23486-1-jwcart2@tycho.nsa.gov>
References: <20180411185525.23486-1-jwcart2@tycho.nsa.gov>
Message-ID: <20180411185525.23486-4-jwcart2@tycho.nsa.gov>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The type var_log_t is actually declared in logging.te.

Moved the file contexts to label dmesg and syslog files with the
var_log_t type from authlogin.fc to logging.fc.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
---
 policy/modules/system/authlogin.fc | 2 --
 policy/modules/system/logging.fc   | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index a0c4d1c9..e22945cd 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -36,10 +36,8 @@ ifdef(`distro_suse', `
 /var/lib/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
 
 /var/log/btmp.*		--	gen_context(system_u:object_r:faillog_t,s0)
-/var/log/dmesg		--	gen_context(system_u:object_r:var_log_t,s0)
 /var/log/faillog	--	gen_context(system_u:object_r:faillog_t,s0)
 /var/log/lastlog	--	gen_context(system_u:object_r:lastlog_t,s0)
-/var/log/syslog		--	gen_context(system_u:object_r:var_log_t,s0)
 /var/log/tallylog	--	gen_context(system_u:object_r:faillog_t,s0)
 /var/log/wtmp.*		--	gen_context(system_u:object_r:wtmp_t,s0)
 
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
index b8df5fe7..c579c2d3 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
@@ -51,6 +51,8 @@ ifdef(`distro_suse', `
 
 /var/log		-d	gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
 /var/log/.*			gen_context(system_u:object_r:var_log_t,s0)
+/var/log/dmesg		--	gen_context(system_u:object_r:var_log_t,s0)
+/var/log/syslog		--	gen_context(system_u:object_r:var_log_t,s0)
 /var/log/boot\.log	--	gen_context(system_u:object_r:var_log_t,mls_systemhigh)
 /var/log/messages[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
 /var/log/secure[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-- 
2.13.6