From mboxrd@z Thu Jan 1 00:00:00 1970 From: harrytaurus2002@hotmail.com (HarryCiao) Date: Mon, 14 Feb 2011 02:38:42 +0000 Subject: [refpolicy] cron patches and remaining questions In-Reply-To: <201102141312.04030.russell@coker.com.au> References: <1296510850.23039.9.camel@tesla.lan> , <201102141312.04030.russell@coker.com.au> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hi Russell, You are right, it's my mistake, I have been sure that on my system it is the syslogd that creates cron log files so we should not commit such change, the cron log files should inherit the label from /var/log/ and that's all. The only thing left is to remove this redundant type_transition rule from cron.te :-P Best regards, Harry > From: russell at coker.com.au > To: refpolicy at oss.tresys.com > Subject: Re: [refpolicy] cron patches and remaining questions > Date: Mon, 14 Feb 2011 13:12:03 +1100 > CC: harrytaurus2002 at hotmail.com; guido at trentalancia.com > > On Tuesday 01 February 2011 23:11:30 HarryCiao wrote: > > So I expect when the crond_t creates cron log files during system booting > > up, this newly created file should be auto-labeled as cron_log_t, rather > > than the inherited label for its parent directory. > > BTW, once we fix the label of /var/log/cron(\.log)? file, we also have to > > grant the write permission on it to the syslogd_t domain. > > On which distribution does crond create /var/log/cron.log? > > On Debian and Red Hat based systems it's always been created and managed by > syslogd (or rsyslogd etc) AFAIK. > > Why does anything need to change in this regard? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20110214/d5b49526/attachment.html