The attached patch moves some logging interfaces to their expected place which is under interfaces that start with li, and above interfaces that start with an m. -- Dominick Grift <domg472@xxxxxxxxx>
Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/gnome.if =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/gnome.if (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/gnome.if (working copy) @@ -89,10 +89,10 @@ libs_use_ld_so($1_gconfd_t) libs_use_shared_libs($1_gconfd_t) + logging_send_syslog_msg($1_gconfd_t) + miscfiles_read_localization($1_gconfd_t) - logging_send_syslog_msg($1_gconfd_t) - userdom_manage_user_tmp_sockets($1, $1_gconfd_t) userdom_manage_user_tmp_dirs($1,$1_gconfd_t) userdom_tmp_filetrans_user_tmp($1,$1_gconfd_t,dir) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/games.if =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/games.if (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/games.if (working copy) @@ -120,11 +120,11 @@ init_dontaudit_rw_utmp($1_games_t) - logging_dontaudit_search_logs($1_games_t) - libs_use_shared_libs($1_games_t) libs_use_ld_so($1_games_t) + logging_dontaudit_search_logs($1_games_t) + miscfiles_read_man_pages($1_games_t) miscfiles_read_localization($1_games_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/authbind.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/authbind.te (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/authbind.te (working copy) @@ -29,7 +29,7 @@ term_use_console(authbind_t) -logging_send_syslog_msg(authbind_t) - libs_use_ld_so(authbind_t) libs_use_shared_libs(authbind_t) + +logging_send_syslog_msg(authbind_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/gpg.if =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/gpg.if (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/gpg.if (working copy) @@ -119,10 +119,10 @@ libs_use_shared_libs($1_gpg_t) libs_use_ld_so($1_gpg_t) + logging_send_syslog_msg($1_gpg_t) + miscfiles_read_localization($1_gpg_t) - logging_send_syslog_msg($1_gpg_t) - sysnet_read_config($1_gpg_t) userdom_use_user_terminals($1,$1_gpg_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/setroubleshoot.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/setroubleshoot.te (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/setroubleshoot.te (working copy) @@ -93,13 +93,13 @@ libs_use_ld_so(setroubleshootd_t) libs_use_shared_libs(setroubleshootd_t) -miscfiles_read_localization(setroubleshootd_t) - locallogin_dontaudit_use_fds(setroubleshootd_t) logging_send_syslog_msg(setroubleshootd_t) logging_stream_connect_auditd(setroubleshootd_t) +miscfiles_read_localization(setroubleshootd_t) + seutil_read_config(setroubleshootd_t) seutil_read_file_contexts(setroubleshootd_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/ktalk.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/ktalk.te (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/ktalk.te (working copy) @@ -76,6 +76,7 @@ libs_use_ld_so(ktalkd_t) libs_use_shared_libs(ktalkd_t) + logging_send_syslog_msg(ktalkd_t) miscfiles_read_localization(ktalkd_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/pyzor.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/pyzor.te (revision 2761) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/pyzor.te (working copy) @@ -125,6 +125,8 @@ locallogin_dontaudit_use_fds(pyzord_t) +logging_send_syslog_msg(pyzord_t) + miscfiles_read_localization(pyzord_t) mta_manage_spool(pyzord_t) @@ -132,7 +134,3 @@ # Do not audit attempts to access /root. staff_dontaudit_search_home_dirs(pyzord_t) sysadm_dontaudit_search_home_dirs(pyzord_t) - -optional_policy(` - logging_send_syslog_msg(pyzord_t) -') Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/oddjob.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/oddjob.te (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/oddjob.te (working copy) @@ -50,10 +50,10 @@ libs_use_ld_so(oddjob_t) libs_use_shared_libs(oddjob_t) +locallogin_dontaudit_use_fds(oddjob_t) + miscfiles_read_localization(oddjob_t) -locallogin_dontaudit_use_fds(oddjob_t) - optional_policy(` dbus_system_bus_client_template(oddjob,oddjob_t) dbus_connect_system_bus(oddjob_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/sysstat.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/sysstat.te (revision 2761) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/sysstat.te (working copy) @@ -58,6 +58,8 @@ locallogin_use_fds(sysstat_t) +logging_send_syslog_msg(sysstat_t) + miscfiles_read_localization(sysstat_t) sysadm_dontaudit_list_home_dirs(sysstat_t) @@ -65,7 +67,3 @@ optional_policy(` cron_system_entry(sysstat_t,sysstat_exec_t) ') - -optional_policy(` - logging_send_syslog_msg(sysstat_t) -') Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/logging.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/logging.te (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/logging.te (working copy) @@ -148,12 +148,12 @@ init_telinit(auditd_t) +libs_use_ld_so(auditd_t) +libs_use_shared_libs(auditd_t) + logging_set_audit_parameters(auditd_t) logging_send_syslog_msg(auditd_t) -libs_use_ld_so(auditd_t) -libs_use_shared_libs(auditd_t) - miscfiles_read_localization(auditd_t) mls_file_read_all_levels(auditd_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/sysnetwork.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/sysnetwork.te (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/sysnetwork.te (working copy) @@ -127,11 +127,11 @@ init_rw_utmp(dhcpc_t) -logging_send_syslog_msg(dhcpc_t) - libs_use_ld_so(dhcpc_t) libs_use_shared_libs(dhcpc_t) +logging_send_syslog_msg(dhcpc_t) + miscfiles_read_localization(dhcpc_t) modutils_domtrans_insmod(dhcpc_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/hotplug.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/hotplug.te (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/hotplug.te (working copy) @@ -95,14 +95,14 @@ # kernel threads inherit from shared descriptor table used by init init_dontaudit_rw_initctl(hotplug_t) -logging_send_syslog_msg(hotplug_t) -logging_search_logs(hotplug_t) - libs_use_ld_so(hotplug_t) libs_use_shared_libs(hotplug_t) # Read /usr/lib/gconv/.* libs_read_lib_files(hotplug_t) +logging_send_syslog_msg(hotplug_t) +logging_search_logs(hotplug_t) + miscfiles_read_hwdata(hotplug_t) miscfiles_read_localization(hotplug_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/libraries.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/libraries.te (revision 2758) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/system/libraries.te (working copy) @@ -79,10 +79,10 @@ libs_use_ld_so(ldconfig_t) libs_use_shared_libs(ldconfig_t) +logging_send_syslog_msg(ldconfig_t) + miscfiles_read_localization(ldconfig_t) -logging_send_syslog_msg(ldconfig_t) - userdom_use_all_users_fds(ldconfig_t) ifdef(`distro_ubuntu',` Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/admin/logrotate.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/admin/logrotate.te (revision 2761) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/admin/logrotate.te (working copy) @@ -103,14 +103,14 @@ # cjp: why is this needed? init_domtrans_script(logrotate_t) +libs_use_ld_so(logrotate_t) +libs_use_shared_libs(logrotate_t) + logging_manage_all_logs(logrotate_t) logging_send_syslog_msg(logrotate_t) # cjp: why is this needed? logging_exec_all_logs(logrotate_t) -libs_use_ld_so(logrotate_t) -libs_use_shared_libs(logrotate_t) - miscfiles_read_localization(logrotate_t) seutil_dontaudit_read_config(logrotate_t) Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/admin/usermanage.te =================================================================== --- /home/domg472/Workspace/refpolicy_trunk/policy/modules/admin/usermanage.te (revision 2761) +++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/admin/usermanage.te (working copy) @@ -112,10 +112,10 @@ libs_use_ld_so(chfn_t) libs_use_shared_libs(chfn_t) +logging_send_syslog_msg(chfn_t) + miscfiles_read_localization(chfn_t) -logging_send_syslog_msg(chfn_t) - # uses unix_chkpwd for checking passwords seutil_dontaudit_search_config(chfn_t)
Attachment:
signature.asc
Description: This is a digitally signed message part
