Add label for /var/log/mcelog

author Dan Walsh <dwalsh@redhat.com>

Mon, 11 Jul 2011 20:53:08 +0000 (16:53 -0400)

committer Dan Walsh <dwalsh@redhat.com>

Mon, 11 Jul 2011 20:53:08 +0000 (16:53 -0400)
author Dan Walsh <dwalsh@redhat.com>
Mon, 11 Jul 2011 20:53:08 +0000 (16:53 -0400)
committer Dan Walsh <dwalsh@redhat.com>
Mon, 11 Jul 2011 20:53:08 +0000 (16:53 -0400)
diff --git a/policy/modules/admin/mcelog.fc b/policy/modules/admin/mcelog.fc

index de535e41911cdd99727b9d1ea4a6365d7d49f11a..064122650424bf808b3088b3f599e8c18133aa98 100644 (file)
--- a/policy/modules/admin/mcelog.fc
+++ b/policy/modules/admin/mcelog.fc
@@ -1,4 +1,5 @@
  /usr/sbin/mcelog       --      gen_context(system_u:object_r:mcelog_exec_t,s0)
  
-/var/run/mcelog-client  -s     gen_context(system_u:object_r:mcelog_var_run_t,s0)
+/var/log/mcelog.*      --      gen_context(system_u:object_r:mcelog_log_t,s0)
  
+/var/run/mcelog-client  -s     gen_context(system_u:object_r:mcelog_var_run_t,s0)
diff --git a/policy/modules/admin/mcelog.te b/policy/modules/admin/mcelog.te

index 24a6ad6a8df2052bd16cc2d2f3ac3d97da14473c..ef8bc09d4272ff625be440320d59413c2a4a1a7a 100644 (file)
--- a/policy/modules/admin/mcelog.te
+++ b/policy/modules/admin/mcelog.te
@@ -13,6 +13,9 @@ application_domain(mcelog_t, mcelog_exec_t)
  type mcelog_var_run_t;
  files_pid_file(mcelog_var_run_t)
  
+type mcelog_log_t;
+logging_log_file(mcelog_log_t)
+
  ########################################
  #
  # mcelog local policy
@@ -20,6 +23,10 @@ files_pid_file(mcelog_var_run_t)
  
  allow mcelog_t self:capability sys_admin;
  
+manage_files_pattern(mcelog_t, mcelog_log_t, mcelog_log_t)
+manage_dirs_pattern(mcelog_t, mcelog_log_t, mcelog_log_t)
+logging_log_filetrans(mcelog_t, mcelog_log_t, { file dir })
+
  manage_files_pattern(mcelog_t, mcelog_var_run_t, mcelog_var_run_t)
  manage_dirs_pattern(mcelog_t, mcelog_var_run_t, mcelog_var_run_t)
  manage_sock_files_pattern(mcelog_t, mcelog_var_run_t, mcelog_var_run_t)
diff --git a/policy/modules/services/cron.fc b/policy/modules/services/cron.fc

index 6030f34fbeee12ce043df88f6bdd824e374176ae..34ab5cef97eab4cd69a8167af2e8ddde6fcedd3b 100644 (file)
--- a/policy/modules/services/cron.fc
+++ b/policy/modules/services/cron.fc
@@ -48,5 +48,3 @@ ifdef(`distro_suse', `
  /var/spool/fcron/new\.systab   --      gen_context(system_u:object_r:system_cron_spool_t,s0)
  
  /var/lib/glpi/files(/.*)?              gen_context(system_u:object_r:cron_var_lib_t,s0)
-
-/var/log/mcelog.*              --      gen_context(system_u:object_r:cron_log_t,s0)
author	Dan Walsh <dwalsh@redhat.com>
	Mon, 11 Jul 2011 20:53:08 +0000 (16:53 -0400)
committer	Dan Walsh <dwalsh@redhat.com>
	Mon, 11 Jul 2011 20:53:08 +0000 (16:53 -0400)
policy/modules/admin/mcelog.fc		patch \| blob \| blame \| history
policy/modules/admin/mcelog.te		patch \| blob \| blame \| history
policy/modules/services/cron.fc		patch \| blob \| blame \| history