Commit Graph

25 Commits

Author SHA1 Message Date
Chris PeBenito f7286189b3 Add systemd units for core refpolicy services.
Only for services that already have a named init script.

Add rules to init_startstop_service(), with conditional arg until
all of refpolicy-contrib callers are updated.
2015-10-23 10:17:46 -04:00
Chris PeBenito 579849912d Add supporting rules for domains tightly-coupled with systemd. 2015-10-23 10:17:46 -04:00
Chris PeBenito a30feb2a5b Whitespace change in logging.fc. 2014-09-12 09:49:37 -04:00
Nicolas Iooss d7b2ccf89a Label systemd-journald files and directories 2014-09-12 09:47:59 -04:00
Nicolas Iooss a102fccdba Label syslog-ng.pid as syslogd_var_run_t 2014-04-21 09:26:09 -04:00
Laurent Bigonville 64be72b662 Add fcontext for rsyslog pidfile 2014-01-31 21:54:40 -05:00
Sven Vermeulen 77139d4891 Remove generic log label for cron location
The /var/log/cron[^/]* line in the context definition takes higher precedence
than the /var/log/cron.* line in the cron.fc file. As a result, when
/var/log/cron.log is created it gets relabeled to var_log_t instead of staying
with the cron_log_t type it should be.

Removing the line so that the definitions in cron.log are used.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-11-27 09:13:15 -05:00
Dominick Grift 111b0b3176 Remove var_log_t file context spec
The /var/cfengine/output location will be labeled in the forthcoming
cfengine policy module that will be ported from Fedora

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-02 10:09:33 -04:00
Sven Vermeulen 074cfbeb5b Allow syslogd to create /var/lib/syslog and /var/lib/misc/syslog-ng.persist
If the /var/lib/syslog directory does not exist, then syslog-ng (running in
syslogd_t) will attempt to create the directory.

Allow the syslogd_t domain to create the directory, and use an automatic file
transition towards syslogd_var_lib_t.

Also, the syslog-ng daemon uses a persistence file in
/var/lib/misc/syslog-ng.persist (and .persist- if it suspects a collision). As
/var/lib/misc is still a generic var_lib_t, we have the syslogd_t daemon write
its files as syslogd_var_lib_t therein.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-09-17 09:31:35 -04:00
Chris PeBenito 127d617b31 Pull in some changes from Fedora policy system layer. 2011-04-14 11:36:56 -04:00
Chris PeBenito bc5a858a4e Change /dev/log fc to MLS system high.
When the syslog recreates this sock_file on startup, it gets this sensitivity anyway.
This will prevent incorrect relabeling if /dev is relabeled.
2010-11-05 13:13:21 -04:00
Chris PeBenito 7a8807b627 Logging patch from Dan Walsh. 2010-03-17 14:40:06 -04:00
Chris PeBenito cfafe4a7a8 trunk: logging update from dan. 2008-09-18 13:20:57 +00:00
Chris PeBenito c11057f7ae trunk: fedora update cherry picked by david hardeman. 2008-08-22 15:17:01 +00:00
Chris PeBenito 2ed4f5aedf trunk: small fixes for gentoo system. 2008-03-20 14:55:17 +00:00
Chris PeBenito 90c3c561ef trunk: fc fix and if addtion from Stefan Schulze Frielinghaus. 2008-02-25 14:20:56 +00:00
Chris PeBenito 02d968c581 trunk: several fc updates from dan. 2007-12-12 15:55:21 +00:00
Chris PeBenito eaed904cd5 trunk: 3 patches from dan. 2007-11-05 19:35:08 +00:00
Chris PeBenito 14add30d03 trunk: 3 patches from dan. 2007-09-12 14:53:39 +00:00
Chris PeBenito 14b1684aae gentoo testing fixes. 2006-10-13 21:44:02 +00:00
Chris PeBenito e070dd2df0 - Move range transitions to modules.
- Make number of MLS sensitivities, and number of MLS and MCS
  categories configurable as build options.
2006-10-04 17:25:34 +00:00
Chris PeBenito eac818f040 patch from dan Thu, 31 Aug 2006 15:16:30 -0400 2006-09-01 15:52:05 +00:00
Chris PeBenito a5e2133bc8 patch from dan Wed, 23 Aug 2006 14:03:49 -0400 2006-08-29 02:41:00 +00:00
Chris PeBenito 19ebf01d6a patch to fix escaping of . in file contexts from james athey 2006-07-24 15:43:57 +00:00
Chris PeBenito 17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00