[selinux-policy: 2443/3172] Improve the documentation of logging_log_file() and logging_log_filetrans().

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:36:55 UTC 2010


commit 45185c0783d944494914affc9dd0433f252e53f4
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Feb 26 09:34:41 2010 -0500

    Improve the documentation of logging_log_file() and logging_log_filetrans().

 policy/modules/system/logging.if |   51 ++++++++++++++++++++++++++++++++-----
 1 files changed, 44 insertions(+), 7 deletions(-)
---
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index 1621c77..25843e8 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -1,15 +1,42 @@
 ## <summary>Policy for the kernel message logger and system logging daemon.</summary>
 
-#######################################
+########################################
 ## <summary>
-##	Make the specified type a file
-##	used for logs.
+##	Make the specified type usable for log files
+##	in a filesystem.
 ## </summary>
-## <param name="file_type">
+## <desc>
+##	<p>
+##	Make the specified type usable for log files in a filesystem.
+##	This will also make the type usable for files, making 
+##	calls to files_type() redundant.  Failure to use this interface
+##	for a log file type may result in problems with log
+##	rotation, log analysis, and log monitoring programs.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>logging_log_filetrans()</li>
+##	</ul>
+##	<p>
+##	Example usage with a domain that can create
+##	and append to a private log file stored in the
+##	general directories (e.g., /var/log):
+##	</p>
+##	<p>
+##	type mylogfile_t;
+##	logging_log_file(mylogfile_t)
+##	allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
+##	logging_log_filetrans(mydomain_t, mylogfile_t, file)
+##	</p>
+## </desc>
+## <param name="type">
 ##	<summary>
-##	Type of the file to be used as a log.
+##	Type to be used for files.
 ##	</summary>
 ## </param>
+## <infoflow type="none"/>
 #
 interface(`logging_log_file',`
 	gen_require(`
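Review bot: The new `<param name="type">` summary, `Type to be used for files.`, no longer says the type is for logs, which the text it replaces did; `Type to be used for log files.` would match the interface summary above it. The example in the `<desc>` grants only `create_file_perms` and `append_file_perms`, and a sentence explaining that choice would help policy writers, e.g. `Append-only access is used so the domain cannot alter log entries it has already written.` That wording assumes append_file_perms excludes write, as its name suggests; the macro is defined outside this diff. The added line ending in `making ` also carries trailing whitespace, and the interface body continues outside the hunk.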
@@ -395,9 +422,18 @@ interface(`logging_domtrans_syslog',`
 
 ########################################
 ## <summary>
-##	Create an object in the log directory, with a private
-##	type using a type transition.
+##	Create an object in the log directory, with a private type.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to create an object
+##	in the general system log directories (e.g., /var/log)
+##	with a private type.  Typically this is used for creating
+##	private log files in /var/log with the private type instead
+##	of the general system log type. To accomplish this goal,
+##	either the program must be SELinux-aware, or use this interface.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
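Review bot: The new description of logging_log_filetrans() does not tell the reader to declare the private type with logging_log_file(), and it has no "Related interfaces" list pointing back to it, although the logging_log_file() description in the first hunk links to this interface. Without that pairing, a private log type could miss whatever log rotation, analysis and monitoring programs rely on, which is the problem the first hunk's text warns about. I would add a `Related interfaces:` paragraph with `<li>logging_log_file()</li>`. The closing sentence also reads more clearly as `To accomplish this goal, either the program must be SELinux-aware, or the policy must use this interface.` The remaining parameter documentation and the interface body are outside the hunk.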
@@ -413,6 +449,7 @@ interface(`logging_domtrans_syslog',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <infoflow type="write" weight="10"/>
 #
 interface(`logging_log_filetrans',`
 	gen_require(`

