RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy/modules
History
Sven Vermeulen b00d94fb72 Allow capabilities for syslog-ng 
The syslog-ng logger has (build-optional) support for capabilities. If
capabilities support is enabled, running it without setcap/getcap
permissions gives the following upon start:

 * Starting syslog-ng ...
syslog-ng: Error setting capabilities, capability management disabled;
error='Permission denied' [ ok ]

Granting only setcap (initial AVC seen) does not fully help either:

 * Starting syslog-ng ...
 Error managing capability set, cap_set_proc returned an error;

With setcap and getcap enabled, syslog-ng starts and functions fine.

See also https://bugs.gentoo.org/show_bug.cgi?id=488718

Reported-by: Vincent Brillault <gentoo@lerya.net>
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 		2013-11-13 09:14:34 -05:00
..
admin Module version bump for ping capabilities from Sven Vermeulen. 2013-09-26 10:47:32 -04:00
apps Move modules to contrib submodule. 2011-09-09 10:10:03 -04:00
contrib@298b887411 Update contrib 2013-09-27 16:44:28 -04:00
kernel Module version bump for mount updates from Dominick Grift. 2013-09-27 16:54:54 -04:00
roles Module version bump for sysadm fix for git role usage from Dominick Grift. 2013-09-26 09:16:03 -04:00
services Module version bump for ssh server caps for Debian from Dominick Grift. 2013-09-27 16:25:56 -04:00
system Allow capabilities for syslog-ng 2013-11-13 09:14:34 -05:00