## <summary>Rotate and archive system logs</summary> ######################################## ## <summary> ## Execute logrotate in the logrotate domain. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> # interface(`logrotate_domtrans',` gen_require(` type logrotate_t, logrotate_exec_t; ') domtrans_pattern($1, logrotate_exec_t, logrotate_t) ') ######################################## ## <summary> ## Execute logrotate in the logrotate domain, and ## allow the specified role the logrotate domain. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> ## <param name="role"> ## <summary> ## The role to be allowed the logrotate domain. ## </summary> ## </param> ## <rolecap/> # interface(`logrotate_run',` gen_require(` type logrotate_t; ') logrotate_domtrans($1) role $2 types logrotate_t; ') ######################################## ## <summary> ## Execute logrotate in the caller domain. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> # interface(`logrotate_exec',` gen_require(` type logrotate_exec_t; ') can_exec($1, logrotate_exec_t) ') ######################################## ## <summary> ## Inherit and use logrotate file descriptors. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`logrotate_use_fds',` gen_require(` type logrotate_t; ') allow $1 logrotate_t:fd use; ') ######################################## ## <summary> ## Do not audit attempts to inherit logrotate file descriptors. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process to not audit. ## </summary> ## </param> # interface(`logrotate_dontaudit_use_fds',` gen_require(` type logrotate_t; ') dontaudit $1 logrotate_t:fd use; ') ######################################## ## <summary> ## Read a logrotate temporary files. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process to not audit. ## </summary> ## </param> # interface(`logrotate_read_tmp_files',` gen_require(` type logrotate_tmp_t; ') files_search_tmp($1) allow $1 logrotate_tmp_t:file read_file_perms; ')