From c239a205044f22583d1f80648effba5d892d6a5e Mon Sep 17 00:00:00 2001
From: Sven Vermeulen <sven.vermeulen@siphos.be>
Date: Fri, 19 Oct 2012 20:51:24 +0200
Subject: [PATCH] Introduce logging_search_all_log_dirs interface

Support the logging_search_all_log_dirs interface for applications such as
fail2ban-client, who scan through log directories.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/logging.if | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index be20dca18..69579934e 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -684,6 +684,25 @@ interface(`logging_rw_generic_log_dirs',`
 	allow $1 var_log_t:dir rw_dir_perms;
 ')
 
+#######################################
+## <summary>
+##	Search through all log dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`logging_search_all_log_dirs',`
+	gen_require(`
+		attribute logfile;
+	')
+
+	allow $1 logfile:dir search_dir_perms;
+')
+
 #######################################
 ## <summary>
 ##	Set attributes on all log dirs.