[refpolicy] [PATCH v2 1/6] Support log location for init script logging

Christopher J. PeBenito cpebenito at tresys.com
Mon Jul 2 09:47:07 CDT 2012


On 06/28/12 15:17, Sven Vermeulen wrote:
> Recent init script packages allow for logging init script progress (service
> start/stop state information, sometimes even duration, etc.) so we introduce an
> initrc_var_log_t logtype and allow initrc_t to manage this.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
> ---
>  policy/modules/system/init.te |    6 ++++++
>  1 files changed, 6 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
> index 5fb9683..9fdd704 100644
> --- a/policy/modules/system/init.te
> +++ b/policy/modules/system/init.te
> @@ -74,6 +74,9 @@ files_type(initrc_state_t)
>  type initrc_tmp_t;
>  files_tmp_file(initrc_tmp_t)
>  
> +type initrc_var_log_t;
> +logging_log_file(initrc_var_log_t)
> +
>  type initrc_var_run_t;
>  files_pid_file(initrc_var_run_t)
>  
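
Review bot: The new initrc_var_log_t declaration has no matching file context entry in this patch; the diffstat lists only policy/modules/system/init.te. Without a labeling rule, an init log location that already exists on disk keeps its current label after a relabel, and only directories newly created by initrc_t pick up the type through the transition added further down. Either add the file context entry for the log location alongside this declaration, or say in the commit message which patch in the series carries it.
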
> @@ -255,6 +258,9 @@ manage_dirs_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
>  manage_lnk_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
>  files_tmp_filetrans(initrc_t, initrc_tmp_t, { file dir })
>  
> +manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
> +logging_log_filetrans(initrc_t, initrc_var_log_t, dir)
> +
>  init_write_initctl(initrc_t)
>  
>  kernel_read_system_state(initrc_t)
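
Review bot: The two added rules cover only the dir class, so initrc_t can create and manage the log directory but gets no permission to create, append to or write the log files inside it, which is what the commit message says the type is for. Add a file rule next to the directory one, for example "manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)", or a narrower create/append set if full manage is more than the init scripts need. If any init script writes its log directly into the log directory rather than into a subdirectory, the transition also needs the file class, as in "logging_log_filetrans(initrc_t, initrc_var_log_t, { file dir })".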
 
Oops, I missed you had a v2.  Same thing I said for v1, no file access.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com



