RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support logging with /run/systemd/journal/dev-log 

In June 2014 systemd moved the socket used by journald to /run.  This
requires two new directory search access for every domain sending syslog
messages:

* /run/systemd/ (handled by init_search_run)
* /run/systemd/journal/ (labeled syslogd_var_run_t)

systemd commit:
http://cgit.freedesktop.org/systemd/systemd/commit/units/systemd-journald-dev-log.socket?id=03ee5c38cb0da193dd08733fb4c0c2809cee6a99
This commit is contained in:
Nicolas Iooss 2014-09-07 23:28:13 +02:00 committed by Chris PeBenito
parent a30feb2a5b
commit ae4d07c8a8
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
policy/modules/system/logging.if
View File

@ -530,12 +530,16 @@ interface(`logging_log_filetrans',`
#
interface(`logging_send_syslog_msg',`
gen_require(`
type syslogd_t, devlog_t;
type syslogd_t, syslogd_var_run_t, devlog_t;
')
allow $1 devlog_t:lnk_file read_lnk_file_perms;
allow $1 devlog_t:sock_file write_sock_file_perms;
# systemd journal socket is in /run/systemd/journal/dev-log
init_search_run($1)
allow $1 syslogd_var_run_t:dir search_dir_perms;
# the type of socket depends on the syslog daemon
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;