Merge pull request #188 from bluca/syslog_start_stop
commit
6e6736386f
@ -427,6 +427,24 @@ interface(`logging_domtrans_syslog',`
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Allow specified domain to start/stop syslog units
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`logging_startstop_syslog',`
|
||||||
|
gen_require(`
|
||||||
|
type syslogd_unit_t;
|
||||||
|
class service { start stop };
|
||||||
|
')
|
||||||
|
allow $1 syslogd_unit_t:service { start stop };
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Allow specified domain to check status of syslog unit
|
## Allow specified domain to check status of syslog unit
|
||||||
|
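Review bot: The doc block for `logging_startstop_syslog` does not mention that the caller can stop the system logger, which halts log collection on the host. I would add a short `<desc>` paragraph after the summary, along the lines of `## Stopping the unit halts log collection; grant only to administrative domains.`, so policy authors treat this as a privileged interface. The summary also says "syslog units" where the status interface just below says "syslog unit"; one wording for both would be clearer. Which domains call the new interface is not visible on this page, so any audit of the callers has to happen in the modules that use it.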
@ -529,6 +529,9 @@ ifdef(`init_systemd',`
|
|||||||
allow syslogd_t self:capability { chown setgid setuid sys_ptrace };
|
allow syslogd_t self:capability { chown setgid setuid sys_ptrace };
|
||||||
allow syslogd_t self:netlink_audit_socket { getattr getopt read setopt write };
|
allow syslogd_t self:netlink_audit_socket { getattr getopt read setopt write };
|
||||||
|
|
||||||
|
# remove /run/log/journal when switching to permanent storage
|
||||||
|
allow syslogd_t var_log_t:dir rmdir;
|
||||||
|
|
||||||
kernel_getattr_dgram_sockets(syslogd_t)
|
kernel_getattr_dgram_sockets(syslogd_t)
|
||||||
kernel_read_ring_buffer(syslogd_t)
|
kernel_read_ring_buffer(syslogd_t)
|
||||||
kernel_rw_stream_sockets(syslogd_t)
|
kernel_rw_stream_sockets(syslogd_t)
|
||||||
|
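Review bot: The added `allow syslogd_t var_log_t:dir rmdir;` is wider than its comment, because it covers every directory labelled var_log_t and not only /run/log/journal. If that breadth is accepted, the comment should say so, for example `# NOTE: grants rmdir on every var_log_t dir, not only /run/log/journal`. If tighter confinement of the logger matters, a dedicated type for the runtime journal directory would let the rule match its stated purpose. The file contexts are not shown on this page, so the labelling of that directory is inferred from the rule. The enclosing block named in the hunk header (the `init_systemd` ifdef) starts outside the hunk, so I cannot confirm whether the rule is meant to be systemd-only.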