syslog-ng has a /var/lib/syslog-ng, but there's no syslogd_var_lib_t
in the RHEL5 policy. So I create the below module. But, what happens
if RHEL comes out with an updated policy that includes syslogd_var_lib_t?
Should I maybe wrap the definition in a check for if it already exist ?
------------------------------------------------------------------------------
module syslog_ng 1.0.3;
# The followin two lines are what I'm asking about:
type syslogd_var_lib_t;
files_type(syslogd_var_lib_t)
require {
class sock_file { getattr unlink };
class tcp_socket { create bind setopt name_bind node_bind listen };
class dir { search write add_name };
class file { create write getattr read };
type device_t;
type syslogd_t;
type rsh_port_t;
type inaddr_any_node_t;
type var_lib_t;
type syslogd_var_lib_t;
};
allow syslogd_t device_t:sock_file { getattr unlink };
allow syslogd_t rsh_port_t:tcp_socket name_bind;
allow syslogd_t inaddr_any_node_t:tcp_socket node_bind;
allow syslogd_t self:tcp_socket { create listen bind setopt };
allow syslogd_t syslogd_var_lib_t:dir { search write add_name };
allow syslogd_t syslogd_var_lib_t:file { create write getattr read };
allow syslogd_t var_lib_t:dir search;
------------------------------------------------------------------------------
-jf
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
