commit: d2bfc0cfbd0a662aa22874a440e4138b5ad7cf48
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sat Nov 23 15:26:50 2019 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Dec 16 13:13:11 2019 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d2bfc0cf
logging: Reorder lines.
No rule change.
Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/logging.te | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 0ac55531..7aa2bcd0 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -425,14 +425,12 @@ manage_files_pattern(syslogd_t, syslogd_var_lib_t,
syslogd_var_lib_t)
allow syslogd_t syslogd_var_lib_t:file map;
files_search_var_lib(syslogd_t)
-# manage pid file
-manage_files_pattern(syslogd_t, syslogd_runtime_t, syslogd_runtime_t)
-allow syslogd_t syslogd_runtime_t:file map;
-
-files_pid_filetrans(syslogd_t, syslogd_runtime_t, file)
+# manage runtime files
allow syslogd_t syslogd_runtime_t:dir create_dir_perms;
-
allow syslogd_t syslogd_runtime_t:sock_file { create setattr };
+allow syslogd_t syslogd_runtime_t:file map;
+manage_files_pattern(syslogd_t, syslogd_runtime_t, syslogd_runtime_t)
+files_pid_filetrans(syslogd_t, syslogd_runtime_t, file)
kernel_read_crypto_sysctls(syslogd_t)
kernel_read_system_state(syslogd_t)
