To
ssh://git.fedorahosted.org/git/389/ds.git
c177c34..b2e2a3f master -> master
commit b2e2a3f5294707e1ccf2b25fd281ce3653dac819
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Mon Nov 23 09:48:50 2009 -0800
Allow dirsrv_t to log to a fifo in SELinux policy.
This patch changes the SELinux dirsrv policy to allow ns-slapd to
log to a fifo file.
Author: nkinder (Thanks!)
Tested on RHEL5 i386
diff --git a/selinux/dirsrv.if b/selinux/dirsrv.if
index 80b478f..b8e1a7f 100644
--- a/selinux/dirsrv.if
+++ b/selinux/dirsrv.if
@@ -77,6 +77,7 @@ interface(`dirsrv_manage_log',`
allow $1 dirsrv_var_log_t:dir manage_dir_perms;
allow $1 dirsrv_var_log_t:file manage_file_perms;
+ allow $1 dirsrv_var_log_t:fifo_file: manage_fifo_file_perms;
')
#######################################
diff --git a/selinux/dirsrv.te b/selinux/dirsrv.te
index 60901f2..ef09fb2 100644
--- a/selinux/dirsrv.te
+++ b/selinux/dirsrv.te
@@ -105,6 +105,7 @@ files_var_lib_filetrans(dirsrv_t,dirsrv_var_lib_t, {
file dir sock_file })
# log files
manage_files_pattern(dirsrv_t, dirsrv_var_log_t, dirsrv_var_log_t)
+manage_fifo_files_pattern(dirsrv_t, dirsrv_var_log_t, dirsrv_var_log_t)
allow dirsrv_t dirsrv_var_log_t:dir { setattr };
logging_log_filetrans(dirsrv_t,dirsrv_var_log_t,{ sock_file file dir })