From mboxrd@z Thu Jan 1 00:00:00 1970 From: domg472@gmail.com (Dominick Grift) Date: Wed, 24 Aug 2011 15:15:09 +0200 Subject: [refpolicy] [PATCH 1/1] Allow userdomains to send syslog messages In-Reply-To: <4E54F828.8020200@tresys.com> References: <20110823105722.GA2352@siphos.be> <4E54F828.8020200@tresys.com> Message-ID: <20110824131507.GA25303@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, Aug 24, 2011 at 09:10:00AM -0400, Christopher J. PeBenito wrote: > On 08/23/11 06:57, Sven Vermeulen wrote: > > Some applications that run within the user domain send messages to the syslog > > daemon (for instance through the syslog() function). This patch allows the > > userdomain to write to the devlog_t socket and interact properly with the > > syslog daemon. > > Do you have some examples? My initial reaction is definitely not > merged, as I don't want users to be able to flood the system logs. I do, the git-daemon run by users can be configured to use syslog. I allowed this by default in my git policy. Would you prefer a boolean "git_session_daemon_can_syslog" instead of allowing it by default? > > > > Signed-off-by: Sven Vermeulen > > --- > > policy/modules/system/userdomain.if | 2 ++ > > 1 files changed, 2 insertions(+), 0 deletions(-) > > > > diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if > > index c6d3cc8..17abfcf 100644 > > --- a/policy/modules/system/userdomain.if > > +++ b/policy/modules/system/userdomain.if > > @@ -965,6 +965,8 @@ template(`userdom_unpriv_user_template', ` > > # cjp: why? > > files_read_kernel_symbol_table($1_t) > > > > + logging_send_syslog_msg($1_t) > > + > > ifndef(`enable_mls',` > > fs_exec_noxattr($1_t) > > > > > -- > Chris PeBenito > Tresys Technology, LLC > www.tresys.com | oss.tresys.com > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110824/b2a56548/attachment.bin