[refpolicy] [PATCH v2 2/4] Allow syslogd to create /var/lib/syslog and /var/lib/misc/syslog-ng.persist

Daniel J Walsh dwalsh at redhat.com
Thu Sep 6 14:37:10 CDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/06/2012 03:15 PM, Sven Vermeulen wrote:
> On Thu, Sep 06, 2012 at 08:47:18PM +0200, Dominick Grift wrote:
>> On Thu, 2012-09-06 at 19:35 +0200, Sven Vermeulen wrote:
>>> If the /var/lib/syslog directory does not exist, then syslog-ng
>>> (running in syslogd_t) will attempt to create the directory.
>> 
>>> +files_var_lib_filetrans(syslogd_t, syslogd_var_lib_t, { file dir })
>> 
>> Why file trans on a file?
> 
> You asked that the previous time as well (at least you're consistent ;-)
> and I hoped a bit that the commit information (and the mail reply) was 
> sufficient.
> 
> The file transition is for /var/lib/misc/syslog-ng.persist (and 
> /var/lib/misc/syslog-ng.persist-) as the /var/lib/misc location itself is 
> still var_lib_t.
> 
> Wkr, Sven Vermeulen _______________________________________________ 
> refpolicy mailing list refpolicy at oss.tresys.com 
> http://oss.tresys.com/mailman/listinfo/refpolicy
> 


/var/lib/misc should just die a horrible death.  /var/lib itself is misc.
syslog should store its content under /var/lib/syslog.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBI+2YACgkQrlYvE4MpobOWeACcCXEHPxEf97w4i3MbYw+yb5aw
q3IAoNeTPB6MFENf0kOtlAbk3LXQCoox
=40Ns
-----END PGP SIGNATURE-----


More information about the refpolicy mailing list