logrotate patch from Dan Walsh
parent
fdc0d0f77c
commit
b8c9879a8c
@ -32,7 +32,7 @@ files_type(logrotate_var_lib_t)
|
||||
# Change ownership on log files.
|
||||
allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
|
||||
# for mailx
|
||||
dontaudit logrotate_t self:capability { setuid setgid };
|
||||
dontaudit logrotate_t self:capability { setuid setgid sys_ptrace };
|
||||
|
||||
allow logrotate_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||
|
||||
@ -63,6 +63,7 @@ files_tmp_filetrans(logrotate_t, logrotate_tmp_t, { file dir })
|
||||
create_dirs_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
|
||||
manage_files_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
|
||||
files_var_lib_filetrans(logrotate_t, logrotate_var_lib_t, file)
|
||||
files_read_var_lib_files(logrotate_t)
|
||||
|
||||
kernel_read_system_state(logrotate_t)
|
||||
kernel_read_kernel_sysctls(logrotate_t)
|
||||
@ -108,6 +109,7 @@ init_domtrans_script(logrotate_t)
|
||||
|
||||
logging_manage_all_logs(logrotate_t)
|
||||
logging_send_syslog_msg(logrotate_t)
|
||||
logging_send_audit_msgs(logrotate_t)
|
||||
# cjp: why is this needed?
|
||||
logging_exec_all_logs(logrotate_t)
|
||||
|
||||
@ -116,7 +118,7 @@ miscfiles_read_localization(logrotate_t)
|
||||
seutil_dontaudit_read_config(logrotate_t)
|
||||
|
||||
userdom_use_user_terminals(logrotate_t)
|
||||
userdom_dontaudit_search_user_home_dirs(logrotate_t)
|
||||
userdom_list_user_home_dirs(logrotate_t)
|
||||
userdom_use_unpriv_users_fds(logrotate_t)
|
||||
|
||||
cron_system_entry(logrotate_t, logrotate_exec_t)
|
||||
@ -136,6 +138,10 @@ ifdef(`distro_debian', `
|
||||
logging_check_exec_syslog(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
abrt_cache_manage(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
acct_domtrans(logrotate_t)
|
||||
acct_manage_data(logrotate_t)
|
||||
@ -148,6 +154,14 @@ optional_policy(`
|
||||
apache_signull(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
asterisk_domtrans(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
bind_manage_cache(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
consoletype_exec(logrotate_t)
|
||||
')
|
||||
@ -156,12 +170,16 @@ optional_policy(`
|
||||
cups_domtrans(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
fail2ban_stream_connect(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
hostname_exec(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
samba_exec_log(logrotate_t)
|
||||
icecast_signal(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -182,6 +200,19 @@ optional_policy(`
|
||||
mysql_stream_connect(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
psad_domtrans(logrotate_t)
|
||||
')
|
||||
|
||||
|
||||
optional_policy(`
|
||||
samba_exec_log(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
sssd_domtrans(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
slrnpull_manage_spool(logrotate_t)
|
||||
')
|
||||
@ -190,6 +221,11 @@ optional_policy(`
|
||||
squid_domtrans(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
#Red Hat bug 564565
|
||||
su_exec(logrotate_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
varnishd_manage_log(logrotate_t)
|
||||
')
|
||||
|
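Review bot: The `su_exec(logrotate_t)` block near the end of this section carries only `#Red Hat bug 564565` as justification, which does not tell a policy reader what logrotate runs through su or why it must stay in logrotate_t. That domain holds `chown dac_override fowner` in the first hunk, so the comment should state the use case, for example `# <what logrotate invokes su for>, Red Hat bug 564565`. The first hunk also keeps `setuid setgid` under `dontaudit` for logrotate_t, so if su needs those capabilities here the denials would be silent; testing with dontaudit rules disabled (`semodule -DB`) would confirm whether the rule is sufficient. Which lines are new is inferred from the hunk-header counts, since the page has lost its +/- markers.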