[refpolicy] [PATCH 1/1] Allow userdomains to send syslog messages
Christopher J. PeBenito
cpebenito at tresys.com
Wed Aug 24 08:41:10 CDT 2011
On 08/24/11 09:15, Dominick Grift wrote:
> On Wed, Aug 24, 2011 at 09:10:00AM -0400, Christopher J. PeBenito wrote:
>> On 08/23/11 06:57, Sven Vermeulen wrote:
>>> Some applications that run within the user domain send messages to the syslog
>>> daemon (for instance through the syslog() function). This patch allows the
>>> userdomain to write to the devlog_t socket and interact properly with the
>>> syslog daemon.
>>
>> Do you have some examples? My initial reaction is definitely not
>> merged, as I don't want users to be able to flood the system logs.
>
> I do, the git-daemon run by users can be configured to use syslog. I allowed this by default in my git policy. Would you prefer a boolean "git_session_daemon_can_syslog" instead of allowing it by default?
Thats a different domain. I'm speaking of unpriv user domains user_t,
staff_t, etc.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list