1 |
commit: 2cbaf896cd0f93918e73d10814cd68fcb693d80a |
2 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
3 |
AuthorDate: Sat Nov 17 20:58:48 2012 +0000 |
4 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
5 |
CommitDate: Wed Nov 21 20:58:24 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=2cbaf896 |
7 |
|
8 |
Introducing cron_manage_log_files interface |
9 |
|
10 |
The metalog system logger also tackles rotation and clean-up of log files it |
11 |
manages. Hence, it requires manage privileges on these log files. Cron log files |
12 |
are an example of this, so we introduce the cron_manage_log_files interface. |
13 |
|
14 |
Added a logging_search_logs() call as per Dominick's suggestion. |
15 |
|
16 |
Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be> |
17 |
|
18 |
--- |
19 |
policy/modules/contrib/cron.if | 21 +++++++++++++++++++++ |
20 |
1 files changed, 21 insertions(+), 0 deletions(-) |
21 |
|
22 |
diff --git a/policy/modules/contrib/cron.if b/policy/modules/contrib/cron.if |
23 |
index 279dc32..5d1a48e 100644 |
24 |
--- a/policy/modules/contrib/cron.if |
25 |
+++ b/policy/modules/contrib/cron.if |
26 |
@@ -471,6 +471,27 @@ interface(`cron_write_log_files',` |
27 |
|
28 |
######################################## |
29 |
## <summary> |
30 |
+## Create, read, write and delete |
31 |
+## cron log files. |
32 |
+## </summary> |
33 |
+## <param name="domain"> |
34 |
+## <summary> |
35 |
+## Domain allowed access. |
36 |
+## </summary> |
37 |
+## </param> |
38 |
+# |
39 |
+interface(`cron_manage_log_files',` |
40 |
+ gen_require(` |
41 |
+ type cron_log_t; |
42 |
+ ') |
43 |
+ |
44 |
+ manage_files_pattern($1, cron_log_t, cron_log_t) |
45 |
+ |
46 |
+ logging_search_logs($1) |
47 |
+') |
48 |
+ |
49 |
+######################################## |
50 |
+## <summary> |
51 |
## Create specified objects in generic |
52 |
## log directories with the cron log file type. |
53 |
## </summary> |