[selinux-policy: 2492/3172] shorewall log file from Dan Walsh
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:41:30 UTC 2010
commit 3fcdc3976436a89f6f5e8eb965407c11ef372ab8
Author: Jeremy Solt <jsolt at tresys.com>
Date: Fri Mar 5 15:15:05 2010 -0500
shorewall log file from Dan Walsh
policy/modules/admin/shorewall.fc | 2 ++
policy/modules/admin/shorewall.te | 7 +++++++
2 files changed, 9 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/admin/shorewall.fc b/policy/modules/admin/shorewall.fc
index 6286e2b..029cb7e 100644
--- a/policy/modules/admin/shorewall.fc
+++ b/policy/modules/admin/shorewall.fc
@@ -10,3 +10,5 @@
/var/lib/shorewall(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
/var/lib/shorewall6(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
/var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
+
+/var/log/shorewall.* gen_context(system_u:object_r:shorewall_log_t,s0)
diff --git a/policy/modules/admin/shorewall.te b/policy/modules/admin/shorewall.te
index 625341e..371f6a6 100644
--- a/policy/modules/admin/shorewall.te
+++ b/policy/modules/admin/shorewall.te
@@ -29,6 +29,9 @@ files_tmp_file(shorewall_tmp_t)
type shorewall_var_lib_t;
files_type(shorewall_var_lib_t)
+type shorewall_log_t;
+logging_log_file(shorewall_log_t)
+
########################################
#
# shorewall local policy
@@ -49,6 +52,10 @@ manage_dirs_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
manage_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
files_var_lib_filetrans(shorewall_t, shorewall_var_lib_t, { dir file })
+manage_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+manage_dirs_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+logging_log_filetrans(shorewall_t, shorewall_log_t, { file dir })
+
manage_dirs_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t)
manage_files_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t)
files_tmp_filetrans(shorewall_t, shorewall_tmp_t, { file dir })
More information about the scm-commits
mailing list