logrotate patch from Dan Walsh

This commit is contained in:
Jeremy Solt 2010-05-24 10:26:31 -04:00 committed by Chris PeBenito
parent fdc0d0f77c
commit b8c9879a8c

View File

@ -32,7 +32,7 @@ files_type(logrotate_var_lib_t)
# Change ownership on log files.
allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
# for mailx
dontaudit logrotate_t self:capability { setuid setgid };
dontaudit logrotate_t self:capability { setuid setgid sys_ptrace };
allow logrotate_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
@ -63,6 +63,7 @@ files_tmp_filetrans(logrotate_t, logrotate_tmp_t, { file dir })
create_dirs_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
manage_files_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
files_var_lib_filetrans(logrotate_t, logrotate_var_lib_t, file)
files_read_var_lib_files(logrotate_t)
kernel_read_system_state(logrotate_t)
kernel_read_kernel_sysctls(logrotate_t)
@ -108,6 +109,7 @@ init_domtrans_script(logrotate_t)
logging_manage_all_logs(logrotate_t)
logging_send_syslog_msg(logrotate_t)
logging_send_audit_msgs(logrotate_t)
# cjp: why is this needed?
logging_exec_all_logs(logrotate_t)
@ -116,7 +118,7 @@ miscfiles_read_localization(logrotate_t)
seutil_dontaudit_read_config(logrotate_t)
userdom_use_user_terminals(logrotate_t)
userdom_dontaudit_search_user_home_dirs(logrotate_t)
userdom_list_user_home_dirs(logrotate_t)
userdom_use_unpriv_users_fds(logrotate_t)
cron_system_entry(logrotate_t, logrotate_exec_t)
@ -136,6 +138,10 @@ ifdef(`distro_debian', `
logging_check_exec_syslog(logrotate_t)
')
optional_policy(`
abrt_cache_manage(logrotate_t)
')
optional_policy(`
acct_domtrans(logrotate_t)
acct_manage_data(logrotate_t)
@ -148,6 +154,14 @@ optional_policy(`
apache_signull(logrotate_t)
')
optional_policy(`
asterisk_domtrans(logrotate_t)
')
optional_policy(`
bind_manage_cache(logrotate_t)
')
optional_policy(`
consoletype_exec(logrotate_t)
')
@ -156,12 +170,16 @@ optional_policy(`
cups_domtrans(logrotate_t)
')
optional_policy(`
fail2ban_stream_connect(logrotate_t)
')
optional_policy(`
hostname_exec(logrotate_t)
')
optional_policy(`
samba_exec_log(logrotate_t)
icecast_signal(logrotate_t)
')
optional_policy(`
@ -182,6 +200,19 @@ optional_policy(`
mysql_stream_connect(logrotate_t)
')
optional_policy(`
psad_domtrans(logrotate_t)
')
optional_policy(`
samba_exec_log(logrotate_t)
')
optional_policy(`
sssd_domtrans(logrotate_t)
')
optional_policy(`
slrnpull_manage_spool(logrotate_t)
')
@ -190,6 +221,11 @@ optional_policy(`
squid_domtrans(logrotate_t)
')
optional_policy(`
#Red Hat bug 564565
su_exec(logrotate_t)
')
optional_policy(`
varnishd_manage_log(logrotate_t)
')