SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List refpolicy HEAD, patch for Debian logs of syslog rotation This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ Next in thread ] [ Replies ] From: Václav Ovsík <vaclav.ovsik_at_i.cz> Date: Tue, 11 Dec 2007 15:52:08 +0100 Hi, there is another change for the refpolicy, so the Debian system can run /etc/cron.daily/sysklogd successfully. This is rotation for logs parsed from syslog.conf config file. Script /usr/sbin/syslogd-listfiles lists logs, that needs rotation. Logs are rotated using script /usr/bin/savelog then. Without attached patch domain logrotate_t is not allowed to read syslog_conf_t and following denials are generated: audit(1197384508.149:3): avc: denied { read } for pid=1589 comm="syslogd-listfil" name="syslog.conf" dev=sda1 ino=213265 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=file audit(1197384508.149:4): avc: denied { ioctl } for pid=1589 comm="syslogd-listfil" name="syslog.conf" dev=sda1 ino=213265 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=file audit(1197384508.149:5): avc: denied { getattr } for pid=1589 comm="syslogd-listfil" name="syslog.conf" dev=sda1 ino=213265 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=file Can be changes applied? Thanks -- Zito -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. text/x-diff attachment: refpolicy-debian-syslog.patch Received on Tue 11 Dec 2007 - 09:52:20 EST This message: [ Message body ] Next message: Reed, Tim \(US SSA\): "newrole in the background" Previous message: Subrata Modak: "Re: [LTP] Se-Linux Updates for LTP" Next in thread: Christopher J. PeBenito: "Re: refpolicy HEAD, patch for Debian logs of syslog rotation" Reply: Christopher J. PeBenito: "Re: refpolicy HEAD, patch for Debian logs of syslog rotation" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom