[OpenAFS] Re: selinux afs domain v 0.2

Russell Coker <russell@coker.com.au>
Tue, 21 Jan 2003 03:01:38 +0100


On Tue, 21 Jan 2003 02:07, forrest whitcher wrote:
> types/file.te:                              #afsd needs to write
> /usr/etc/openafs/AFSLog
>
> # usr_etc_log_t is created primarily for afsd which
> # wants to keep a log in /usr/etc/openafs
>
> type usr_etc_log_t, file_type, sysadmfile;

This is a really bad name.

Firstly, your AFS package is broken.  It should not put logs under an "etc"
directory, and even having /usr/etc is bad enough.  I suggest recompiling
your AFS to put the logs in /var/log/afs* .

Then just do:
log_domain(afsd)

Also look at the rw_dir_create_file() macro and the use of { type types ... }
for specifying the types of files and directories.  Using those methods, you
can significantly reduce the size of your policy file without changing the
result.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page