Add syslog capability.

This commit is contained in:
Chris PeBenito 2011-01-19 14:11:00 -05:00
parent 8d46bd3017
commit 640df09275
3 changed files with 21 additions and 0 deletions

View File

@ -1,3 +1,4 @@
- Add syslog capability.
- Support for logging in to /dev/console, from Harry Ciao. - Support for logging in to /dev/console, from Harry Ciao.
- Database object class updates and associated SEPostgreSQL changes from - Database object class updates and associated SEPostgreSQL changes from
KaiGai Kohei. KaiGai Kohei.

View File

@ -428,6 +428,7 @@ class capability2
{ {
mac_override # unused by SELinux mac_override # unused by SELinux
mac_admin # unused by SELinux mac_admin # unused by SELinux
syslog
} }
# #

View File

@ -442,6 +442,7 @@ interface(`kernel_read_ring_buffer',`
type kernel_t; type kernel_t;
') ')
allow $1 self:capability2 syslog;
allow $1 kernel_t:system syslog_read; allow $1 kernel_t:system syslog_read;
') ')
@ -479,7 +480,16 @@ interface(`kernel_change_ring_buffer_level',`
type kernel_t; type kernel_t;
') ')
allow $1 self:capability2 syslog;
allow $1 kernel_t:system syslog_console; allow $1 kernel_t:system syslog_console;
ifdef(`distro_rhel4',`
allow $1 self:capability2 sys_admin;
')
ifdef(`distro_rhel5',`
allow $1 self:capability2 sys_admin;
')
') ')
######################################## ########################################
@ -498,7 +508,16 @@ interface(`kernel_clear_ring_buffer',`
type kernel_t; type kernel_t;
') ')
allow $1 self:capability2 syslog;
allow $1 kernel_t:system syslog_mod; allow $1 kernel_t:system syslog_mod;
ifdef(`distro_rhel4',`
allow $1 self:capability2 sys_admin;
')
ifdef(`distro_rhel5',`
allow $1 self:capability2 sys_admin;
')
') ')
######################################## ########################################