1 ## <summary>Iptables/netfilter userspace logging daemon.</summary>
3 ########################################
5 ## Execute a domain transition to run ulogd.
7 ## <param name="domain">
9 ## Domain allowed to transition.
13 interface(`ulogd_domtrans',`
# Types this interface requires from the ulogd module. The listing skips
# some numbered lines, so the wrapper around this declaration is not shown.
15 type ulogd_t, ulogd_exec_t;
# Arguments: caller domain, entrypoint file type, target domain.
# A caller that executes a file labeled ulogd_exec_t enters ulogd_t, so
# grant this only to domains that legitimately start the daemon.
18 domtrans_pattern($1, ulogd_exec_t, ulogd_t)
21 ########################################
23 ## Allow the specified domain to read
24 ## ulogd configuration files.
26 ## <param name="domain">
28 ## Domain allowed access.
33 interface(`ulogd_read_config',`
# NOTE(review): numbered lines 34-38 are missing from this listing; the
# declaration of ulogd_etc_t presumably sits there - confirm against the file.
# Read-only access to ulogd_etc_t files inside ulogd_etc_t directories.
# ulogd configuration can hold credentials for database output plugins, so
# treat this as access to sensitive data when deciding which domains call it.
39 read_files_pattern($1, ulogd_etc_t, ulogd_etc_t)
42 ########################################
44 ## Allow the specified domain to read ulogd's log files.
46 ## <param name="domain">
48 ## Domain allowed access.
53 interface(`ulogd_read_log',`
# NOTE(review): the declaration of ulogd_var_log_t is not visible here (the
# listing skips numbered lines 54-57) - confirm it is required in the file.
# Let the caller traverse the generic log directory to reach ulogd's logs.
58 logging_search_logs($1)
# Listing lets the caller enumerate log file names in ulogd's log directory.
59 allow $1 ulogd_var_log_t:dir list_dir_perms;
# Read-only access to the log files themselves; no write or append is granted.
60 read_files_pattern($1, ulogd_var_log_t, ulogd_var_log_t)
63 #######################################
65 ## Allow the specified domain to search ulogd's log directories.
67 ## <param name="domain">
69 ## Domain allowed access.
73 interface(`ulogd_search_log',`
# Let the caller traverse the generic log directory first.
78 logging_search_logs($1)
# Directory search only: the caller can pass through ulogd's log directory.
# No permission on the log files themselves is granted by this interface.
79 allow $1 ulogd_var_log_t:dir search_dir_perms;
82 ########################################
84 ## Allow the specified domain to append to ulogd's log files.
86 ## <param name="domain">
88 ## Domain allowed access.
93 interface(`ulogd_append_log',`
# Let the caller traverse the generic log directory to reach ulogd's logs.
98 logging_search_logs($1)
# NOTE(review): list_dir_perms also lets the caller enumerate file names.
# ulogd_search_log grants only search_dir_perms on the same type; confirm
# whether appending really needs listing or whether search would be enough.
99 allow $1 ulogd_var_log_t:dir list_dir_perms;
# Append-only file access: no read permission is granted by this rule, which
# keeps a caller from reading back or rewriting earlier log entries.
100 allow $1 ulogd_var_log_t:file append_file_perms;
103 ########################################
105 ## All of the rules required to administrate
106 ## a ulogd environment
108 ## <param name="domain">
110 ## Domain allowed access.
113 ## <param name="role">
115 ## The role to be allowed to manage the ulogd domain.
120 interface(`ulogd_admin',`
# Types from the ulogd module that the rules below refer to.
122 type ulogd_t, ulogd_etc_t;
123 type ulogd_var_log_t, ulogd_initrc_exec_t;
124 type ulogd_modules_t;
# Signals cover routine daemon control. ptrace additionally lets the admin
# domain inspect and alter the running daemon's memory.
# NOTE(review): confirm ptrace is actually needed; it is the broadest
# permission in this interface and is not required to start, stop or signal.
127 allow $1 ulogd_t:process { ptrace signal_perms };
# Lets the admin domain see ulogd processes in process listings.
128 ps_process_pattern($1, ulogd_t)
# Allow the admin domain to run the ulogd init script, with the role given
# in $2 transitioning to system_r when that script is executed.
130 init_labeled_script_domtrans($1, ulogd_initrc_exec_t)
# Exempts $1 from the constraint on changing to the system role, which the
# role_transition below depends on.
131 domain_system_change_exemption($1)
132 role_transition $2 ulogd_initrc_exec_t system_r;
# Administrative access to ulogd's configuration.
136 admin_pattern($1, ulogd_etc_t)
# Administrative access to ulogd's logs; the admin domain can therefore alter
# or remove log content, unlike callers of the read/append interfaces.
138 logging_list_logs($1)
139 admin_pattern($1, ulogd_var_log_t)
# NOTE(review): ulogd_modules_t presumably labels the daemon's plugin modules.
# If so, this access lets the admin domain change code that ulogd loads;
# verify against the file contexts before granting this interface.
142 admin_pattern($1, ulogd_modules_t)