- Add proper contexts for rsyslogd
This commit is contained in:
Daniel J Walsh
parent
297dd1a900
commit
908512cccc
@ -8546,16 +8546,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
|
||||
# Sulogin local policy
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.0.3/policy/modules/system/logging.fc
|
||||
--- nsaserefpolicy/policy/modules/system/logging.fc 2007-05-29 14:10:58.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/system/logging.fc 2007-07-17 15:46:25.000000000 -0400
|
||||
@@ -1,6 +1,6 @@
|
||||
+++ serefpolicy-3.0.3/policy/modules/system/logging.fc 2007-07-19 11:20:26.000000000 -0400
|
||||
@@ -1,12 +1,15 @@
|
||||
-
|
||||
/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
|
||||
|
||||
+/etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
|
||||
+/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
|
||||
/etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
|
||||
|
||||
/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0)
|
||||
@@ -43,3 +43,5 @@
|
||||
/sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0)
|
||||
+/sbin/rklogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
|
||||
/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
|
||||
/sbin/minilogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||
+/sbin/rsyslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||
/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||
/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||
|
||||
@@ -43,3 +46,5 @@
|
||||
/var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0)
|
||||
|
||||
/var/tinydns/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.0.3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -293,10 +293,12 @@ semodule -r moilscanner 2>/dev/null
|
||||
%relabel targeted
|
||||
exit 0
|
||||
|
||||
%triggerpostun targeted -- selinux-policy-targeted < 3.0.1
|
||||
%triggerpostun targeted -- selinux-policy-targeted < 3.0.3.2
|
||||
setsebool -P use_nfs_home_dirs=1
|
||||
semanage login -m -s "system_u" __default__ 2> /dev/null
|
||||
semanage user -a -P unconfined -R "unconfined_r system_r" unconfined_u 2> /dev/null
|
||||
semanage user -a -P guest -R guest_r guest_u
|
||||
semanage user -a -P xguest -R xguest_r xguest_u
|
||||
restorecon -R /root 2> /dev/null
|
||||
exit 0
|
||||
|
||||
@ -357,6 +359,12 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jul 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.3-2
|
||||
- Add proper contexts for rsyslogd
|
||||
|
||||
* Thu Jul 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.3-1
|
||||
- Fixes for xguest policy
|
||||
|
||||
* Tue Jul 17 2007 Dan Walsh <dwalsh@redhat.com> 3.0.2-9
|
||||
- Allow execution of gconf
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user