Problem with audit2allow reference policy involving logs
Daniel J Walsh
dwalsh at redhat.com
Thu Feb 28 18:18:26 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Forrest Taylor wrote:
> Running RHEL5.1 with with selinux-policy-strict-2.4.6-106.el5_1.3.
>
> I am building my own policy for FTP and in creating the xferlog,
> audit2allow -alR gives this macro:
>
> logging_search_logs(ftpd_t)
>
> The problem is that this macros generates the following type transition:
>
> type_transition ftpd_t var_log_t : file sendmail_log_t;
>
I think you are wrong here.
interface(`logging_search_logs',`
gen_require(`
type var_log_t;
')
files_search_var($1)
allow $1 var_log_t:dir search_dir_perms;
')
> This, of course, is not really what I want, so I dropped the -R option
> to audit2allow and it returns:
>
> allow ftpd_t var_log_t:dir search;
>
> With the next iteration, audit2allow -alR shows:
>
> sendmail_create_log(ftpd_t)
>
I have no idea where this comes from, I guess I would need to see you
log files.
> and audit2allow -la shows:
>
> allow ftpd_t var_log_t:dir write;
>
> Someone really liked sendmail_log_t ;o)
>
> Forrest
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfG+vEACgkQrlYvE4MpobN1VACffeQUQQxs9LswugYoaVN63JNn
ePAAoOsQyxwM431hRZJXxrV285bI3nWI
=LNnL
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list