commit:     0c3ef6276b664ad06dce7ef4bea5d3509148f249
Author:     Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sun Sep  3 20:19:56 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Sep  8 22:48:51 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0c3ef627

logrotate: allow systemd to start logrotate

On Arch Linux, logrotate is a service launched by systemd:

    avc:  denied  { execute_no_trans } for  pid=216 comm="(ogrotate)"
    path="/usr/bin/logrotate" dev="vda1" ino=396833
    scontext=system_u:system_r:init_t
    tcontext=system_u:object_r:logrotate_exec_t tclass=file
    permissive=1

 policy/modules/contrib/logrotate.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/contrib/logrotate.te 
b/policy/modules/contrib/logrotate.te
index ab2c6152..77c36f66 100644
--- a/policy/modules/contrib/logrotate.te
+++ b/policy/modules/contrib/logrotate.te
@@ -14,6 +14,7 @@ domain_type(logrotate_t)
 domain_obj_id_change_exemption(logrotate_t)
 domain_system_change_exemption(logrotate_t)
 domain_entry_file(logrotate_t, logrotate_exec_t)
+init_system_domain(logrotate_t, logrotate_exec_t)
 role logrotate_roles types logrotate_t;
 
 type logrotate_lock_t;
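Review bot: The denial quoted in the description is execute_no_trans from init_t, and the added init_system_domain() line answers it with a domain transition (init_t executing logrotate_exec_t lands in logrotate_t) rather than letting init_t run logrotate in its own domain; that is the right choice for confinement, but nothing in the hunk says so. A short comment on the new line would keep a later reader from "fixing" the same denial with a bare execute permission: `# systemd starts logrotate as a service: transition to logrotate_t instead of running it in init_t`. As far as I recall, init_system_domain() in refpolicy also declares the entry point through application_domain(), which would make the explicit domain_entry_file() call on the preceding line redundant but harmless — worth confirming against the interface definition before considering dropping it. The remaining logrotate_t declarations continue outside the hunk.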
