[DSE-Dev] refpolicy HEAD, patch for Debian logs of syslog rotation
Václav Ovsík
vaclav.ovsik at i.cz
Tue Dec 11 14:52:08 UTC 2007
Hi,
there is another change for the refpolicy, so the Debian system can run
/etc/cron.daily/sysklogd successfully. This is rotation for logs parsed
from syslog.conf config file. Script /usr/sbin/syslogd-listfiles lists
logs, that needs rotation. Logs are rotated using script
/usr/bin/savelog then.
Without attached patch domain logrotate_t is not allowed to read
syslog_conf_t and following denials are generated:
audit(1197384508.149:3): avc: denied { read } for pid=1589 comm="syslogd-listfil" name="syslog.conf" dev=sda1 ino=213265 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=file
audit(1197384508.149:4): avc: denied { ioctl } for pid=1589 comm="syslogd-listfil" name="syslog.conf" dev=sda1 ino=213265 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=file
audit(1197384508.149:5): avc: denied { getattr } for pid=1589 comm="syslogd-listfil" name="syslog.conf" dev=sda1 ino=213265 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=file
Can be changes applied?
Thanks
--
Zito
-------------- next part --------------
A non-text attachment was scrubbed...
Name: refpolicy-debian-syslog.patch
Type: text/x-diff
Size: 1198 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20071211/3176e078/attachment.patch
More information about the SELinux-devel
mailing list