logrotate patch from Dan Walsh
parent
fdc0d0f77c
commit
b8c9879a8c
|
@ -32,7 +32,7 @@ files_type(logrotate_var_lib_t)
|
||||||
# Change ownership on log files.
|
# Change ownership on log files.
|
||||||
allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
|
allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
|
||||||
# for mailx
|
# for mailx
|
||||||
dontaudit logrotate_t self:capability { setuid setgid };
|
dontaudit logrotate_t self:capability { setuid setgid sys_ptrace };
|
||||||
|
|
||||||
allow logrotate_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
allow logrotate_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||||
|
|
||||||
|
@ -63,6 +63,7 @@ files_tmp_filetrans(logrotate_t, logrotate_tmp_t, { file dir })
|
||||||
create_dirs_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
|
create_dirs_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
|
||||||
manage_files_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
|
manage_files_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
|
||||||
files_var_lib_filetrans(logrotate_t, logrotate_var_lib_t, file)
|
files_var_lib_filetrans(logrotate_t, logrotate_var_lib_t, file)
|
||||||
|
files_read_var_lib_files(logrotate_t)
|
||||||
|
|
||||||
kernel_read_system_state(logrotate_t)
|
kernel_read_system_state(logrotate_t)
|
||||||
kernel_read_kernel_sysctls(logrotate_t)
|
kernel_read_kernel_sysctls(logrotate_t)
|
||||||
|
@ -108,6 +109,7 @@ init_domtrans_script(logrotate_t)
|
||||||
|
|
||||||
logging_manage_all_logs(logrotate_t)
|
logging_manage_all_logs(logrotate_t)
|
||||||
logging_send_syslog_msg(logrotate_t)
|
logging_send_syslog_msg(logrotate_t)
|
||||||
|
logging_send_audit_msgs(logrotate_t)
|
||||||
# cjp: why is this needed?
|
# cjp: why is this needed?
|
||||||
logging_exec_all_logs(logrotate_t)
|
logging_exec_all_logs(logrotate_t)
|
||||||
|
|
||||||
|
@ -116,7 +118,7 @@ miscfiles_read_localization(logrotate_t)
|
||||||
seutil_dontaudit_read_config(logrotate_t)
|
seutil_dontaudit_read_config(logrotate_t)
|
||||||
|
|
||||||
userdom_use_user_terminals(logrotate_t)
|
userdom_use_user_terminals(logrotate_t)
|
||||||
userdom_dontaudit_search_user_home_dirs(logrotate_t)
|
userdom_list_user_home_dirs(logrotate_t)
|
||||||
userdom_use_unpriv_users_fds(logrotate_t)
|
userdom_use_unpriv_users_fds(logrotate_t)
|
||||||
|
|
||||||
cron_system_entry(logrotate_t, logrotate_exec_t)
|
cron_system_entry(logrotate_t, logrotate_exec_t)
|
||||||
|
@ -136,6 +138,10 @@ ifdef(`distro_debian', `
|
||||||
logging_check_exec_syslog(logrotate_t)
|
logging_check_exec_syslog(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
abrt_cache_manage(logrotate_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
acct_domtrans(logrotate_t)
|
acct_domtrans(logrotate_t)
|
||||||
acct_manage_data(logrotate_t)
|
acct_manage_data(logrotate_t)
|
||||||
|
@ -148,6 +154,14 @@ optional_policy(`
|
||||||
apache_signull(logrotate_t)
|
apache_signull(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
asterisk_domtrans(logrotate_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
bind_manage_cache(logrotate_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
consoletype_exec(logrotate_t)
|
consoletype_exec(logrotate_t)
|
||||||
')
|
')
|
||||||
|
@ -156,12 +170,16 @@ optional_policy(`
|
||||||
cups_domtrans(logrotate_t)
|
cups_domtrans(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
fail2ban_stream_connect(logrotate_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
hostname_exec(logrotate_t)
|
hostname_exec(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
samba_exec_log(logrotate_t)
|
icecast_signal(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -182,6 +200,19 @@ optional_policy(`
|
||||||
mysql_stream_connect(logrotate_t)
|
mysql_stream_connect(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
psad_domtrans(logrotate_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
samba_exec_log(logrotate_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
sssd_domtrans(logrotate_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
slrnpull_manage_spool(logrotate_t)
|
slrnpull_manage_spool(logrotate_t)
|
||||||
')
|
')
|
||||||
|
@ -190,6 +221,11 @@ optional_policy(`
|
||||||
squid_domtrans(logrotate_t)
|
squid_domtrans(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
#Red Hat bug 564565
|
||||||
|
su_exec(logrotate_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
varnishd_manage_log(logrotate_t)
|
varnishd_manage_log(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
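Review bot: The new `su_exec(logrotate_t)` block (hunk `-190,6 +221,11`) lets su execute inside logrotate_t itself rather than through a domain transition, while the first hunk still keeps `setuid setgid` under `dontaudit` for logrotate_t's own capabilities, so any identity change su attempts would presumably be denied without leaving an AVC record. If bug 564565 needs su to actually switch users, that should be an explicit, commented `allow`; if it only needs the binary to run, the comment should say so, e.g. `# Red Hat bug 564565: <what invokes su and why>; setuid/setgid stay denied`. In the first hunk the same `dontaudit` line now also silences `sys_ptrace` under the unchanged `# for mailx` comment, and in hunk `-116,7 +118,7` `userdom_dontaudit_search_user_home_dirs` is replaced by `userdom_list_user_home_dirs` with no stated reason. Both deserve a one-line why-comment, since one reduces audit visibility and the other widens access for a domain that already holds `dac_override` and `dac_read_search`.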