From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.0 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 17ECCC43612 for ; Tue, 15 Jan 2019 03:20:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DBEC120645 for ; Tue, 15 Jan 2019 03:20:34 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=tresys.onmicrosoft.com header.i=@tresys.onmicrosoft.com header.b="gVpUXEBm" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727620AbfAODUe (ORCPT ); Mon, 14 Jan 2019 22:20:34 -0500 Received: from mail-eopbgr700096.outbound.protection.outlook.com ([40.107.70.96]:51280 "EHLO NAM04-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727341AbfAODUe (ORCPT ); Mon, 14 Jan 2019 22:20:34 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tresys.onmicrosoft.com; s=selector1-tresys-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t3FtgBYaITM4bNYCXUf1XcCsGVn2rz6/Oe1vFsOQtIY=; b=gVpUXEBmdM1o1RMN3831Ksuwp4tSH8Dlh8vlwxpVRhhfT3LN3UX+SibXLXh70FG1egAmq26afYuuKvxJGAItUw4lP96DvNXeTGBKdmMdnqVxN7K8Pz98ta5/rqPZDrXIVyGMzfHrznw4KcNQlfAHeExl19vDMinpeo60R7op/jQ= Received: from BN6PR15MB1507.namprd15.prod.outlook.com (10.172.151.147) by BN6PR15MB1156.namprd15.prod.outlook.com (10.172.205.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.18; Tue, 15 Jan 2019 03:20:31 +0000 Received: from BN6PR15MB1507.namprd15.prod.outlook.com ([fe80::6d82:5bd:50b3:6a10]) by BN6PR15MB1507.namprd15.prod.outlook.com ([fe80::6d82:5bd:50b3:6a10%3]) with mapi id 15.20.1516.019; Tue, 15 Jan 2019 03:20:31 +0000 From: "Sugar, David" To: "selinux-refpolicy@vger.kernel.org" Subject: [PATCH] label journald configuraiton files syslog_conf_t Thread-Topic: [PATCH] label journald configuraiton files syslog_conf_t Thread-Index: AQHUrIFD/ouDwPmAWkeK3Jnti0w+yw== Date: Tue, 15 Jan 2019 03:20:29 +0000 Message-ID: <20190115032018.28662-3-dsugar@tresys.com> References: <20190115032018.28662-1-dsugar@tresys.com> In-Reply-To: <20190115032018.28662-1-dsugar@tresys.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [73.180.141.176] x-clientproxiedby: BL0PR02CA0009.namprd02.prod.outlook.com (2603:10b6:207:3c::22) To BN6PR15MB1507.namprd15.prod.outlook.com (2603:10b6:404:c6::19) authentication-results: spf=none (sender IP is ) smtp.mailfrom=dsugar@tresys.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.20.1 x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;BN6PR15MB1156;6:S/h0GUNxvsrB4srTqB9BwJ+bPBhqlN+TIQQd/98xDmP2lqOlQibT6cdWQwhLMel8D72bvH4xo/OSBVCn4JUWKOJvyk0Ox79nVL8lq/RnvzDx3+vlLYz9TG35h6AcNMECalZV1icEPqVXD0oTPVtkPeMdj8Q9LMW7E/WKN551w1fwFnQv5XbzlZnbjc4mOIlmGub4m4eQXQlyU3pEOCgI2QEURr9f7jNCJ45QZnHMKrh9G3oj6mklLmW1HgruXejeupNL7TiS+3rP6h76kgIZ0kpTUc0SsZlENty4mJgdSOVnkakzJHIB+2RqG9O5/r0XdVwnXTMKhBVzPk5xWEbyxDXsVvU/wdlHuNydfWNihamoV9p2QeEePtj9/vo+qUFbziJWkdklOmNd+bAm1ZKWjCmcqoJfz1bs/XBKaJGE7+7c0SvCNx3n0IsKmdr1Yv0pQ6qOYLIkb2zAM0spegdOMw==;5:4yClQ94qYIS6/Hc5It+xH+l/mDgR1KPxpkF71Huo3rA3CoI3IVP/Yp8mYxaUJm5J5MbRoQSoCrT8eks4Q1FFK/rDrmOFIgZoNjgE8Oc1MWsrZmz2pNyP/FWX4TQejX4HlVkET7VcJNcl61me7WnxuKDAh2D6nFb2rIe2UiaerfJ84JPkCPn4XTpfweF0Up18hliWzOnss709RRUl2rA2xQ==;7:HACfzoIc4HE5qEvkDh1ltyWtsweO5akheKOtTXRSOxCMaG5jx2rw0O2X8ArsW/bCj9+uGeKZr2NnWExJt+patAH2gccvehCBDCy4pOG/cqXGtZgedp/bFvRkmW5lUoWnmIsJIHrWrSvG8G2s+zZpRg== x-ms-office365-filtering-correlation-id: d337fc8a-6f98-448c-a23e-08d67a986644 x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(7094020)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7027125)(7023125)(5600109)(711020)(2017052603328)(7153060)(7193020);SRVR:BN6PR15MB1156; x-ms-traffictypediagnostic: BN6PR15MB1156: x-microsoft-antispam-prvs: x-forefront-prvs: 0918748D70 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(346002)(366004)(189003)(199004)(86362001)(14454004)(256004)(508600001)(446003)(2501003)(6486002)(36756003)(486006)(66066001)(6436002)(5640700003)(97736004)(11346002)(476003)(105586002)(2616005)(106356001)(2906002)(2351001)(99286004)(26005)(76176011)(52116002)(6116002)(25786009)(3846002)(7736002)(5660300001)(8936002)(6512007)(305945005)(102836004)(71200400001)(53936002)(81156014)(8676002)(50226002)(6916009)(81166006)(68736007)(6506007)(386003)(1076003)(71190400001)(186003);DIR:OUT;SFP:1102;SCL:1;SRVR:BN6PR15MB1156;H:BN6PR15MB1507.namprd15.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: tresys.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: EyY2l7bfiI8o9Tth6VokEtbkgFs8I7FtLmheMvcdkgAHWmWUqJayuyn07EYzO08whgUeGx5mxJB9AR61wWMkfQbD0CPGRXHtpSjzLwhySwoXJNc7gvX4NeREOMsxNLop1vXwDNTjP2gY2yrx53+uFXzbIB7Y5uvSi4F0gmHtSA966km1DBfzY9Apm7K1tEtki1A92iRxStWA4TNeQ3o7wx4k4n2s7o94IiqboUy0rAVDFRhUXV7PXQpu/yoGdck2q/lJhuXN6Ku+Kvv2ha2bzEfn8NvX21WTFqEvtLj/pmakbYAA82ztL1nWJII4+iCIpAYZb5Kek4ew2opphPLNbLmmw2kHx/tTQ4t14q2+KEcNZDXuTzbYOA3CLemA4Gf6PDzGc+c0G9th9bmysG6Gz115O71bW7YB+ob+uwLKkEo= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: tresys.com X-MS-Exchange-CrossTenant-Network-Message-Id: d337fc8a-6f98-448c-a23e-08d67a986644 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jan 2019 03:20:28.8295 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a0d45667-6c07-4e88-868f-4ac9af95c7ed X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR15MB1156 Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org journald already runs as syslogd_t label the config files similarly to allow editing by domains that can edit syslog configuration files. Also added some missing '\' before dot in filenames. Signed-off-by: Dave Sugar --- policy/modules/system/logging.fc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/policy/modules/system/logging.fc b/policy/modules/system/loggi= ng.fc index c579c2d3..6693d87b 100644 --- a/policy/modules/system/logging.fc +++ b/policy/modules/system/logging.fc @@ -1,11 +1,13 @@ /dev/log -s gen_context(system_u:object_r:devlog_t,mls_systemhigh) =20 -/etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) -/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) -/etc/rsyslog.d(/.*)? gen_context(system_u:object_r:syslog_conf_t,s0) -/etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhig= h) -/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_e= xec_t,s0) -/etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc= _exec_t,s0) +/etc/rsyslog\.conf -- gen_context(system_u:object_r:syslog_conf_t,s0) +/etc/syslog\.conf -- gen_context(system_u:object_r:syslog_conf_t,s0) +/etc/rsyslog\.d(/.*)? gen_context(system_u:object_r:syslog_conf_t,s0) +/etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_syste= mhigh) +/etc/systemd/journal.*\.conf -- gen_context(system_u:object_r:syslog_conf= _t,s0) +/etc/systemd/journald\.conf\.d(/.*)? gen_context(system_u:object_r:syslog_= conf_t,s0) +/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initr= c_exec_t,s0) +/etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_ini= trc_exec_t,s0) =20 /usr/bin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0) /usr/bin/audisp-remote -- gen_context(system_u:object_r:audisp_remote_exec= _t,s0) --=20 2.20.1