diff --git a/policy/modules/admin/shorewall.fc b/policy/modules/admin/shorewall.fc
index 6286e2b..029cb7e 100644
--- a/policy/modules/admin/shorewall.fc
+++ b/policy/modules/admin/shorewall.fc
@@ -10,3 +10,5 @@
 /var/lib/shorewall(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
 /var/lib/shorewall6(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
 /var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
+
+/var/log/shorewall.* gen_context(system_u:object_r:shorewall_log_t,s0)
diff --git a/policy/modules/admin/shorewall.te b/policy/modules/admin/shorewall.te
index 625341e..371f6a6 100644
--- a/policy/modules/admin/shorewall.te
+++ b/policy/modules/admin/shorewall.te
@@ -29,6 +29,9 @@ files_tmp_file(shorewall_tmp_t)
 type shorewall_var_lib_t;
 files_type(shorewall_var_lib_t)
 
+type shorewall_log_t;
+logging_log_file(shorewall_log_t)
+
 ########################################
 #
 # shorewall local policy
@@ -49,6 +52,10 @@ manage_dirs_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
 manage_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
 files_var_lib_filetrans(shorewall_t, shorewall_var_lib_t, { dir file })
 
+manage_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+manage_dirs_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+logging_log_filetrans(shorewall_t, shorewall_log_t, { file dir })
+
 manage_dirs_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t)
 manage_files_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t)
 files_tmp_filetrans(shorewall_t, shorewall_tmp_t, { file dir })
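Review bot: The new entry `/var/log/shorewall.*` in shorewall.fc is a bare prefix match, unlike the `(/.*)?` entries above it, so every path under /var/log whose name begins with `shorewall` is labelled shorewall_log_t, including the contents of any such subdirectory. If that breadth is intended, for instance to cover the shorewall6 and shorewall-lite variants the context lines list, a comment above the entry such as `# prefix match on purpose: covers the logs of all shorewall variants` would record it. A file-context entry only takes effect on relabel, so logs that already exist keep their previous type until then, while the rules added in shorewall.te cover only shorewall_log_t. The change description should say that existing log paths need relabelling after the policy is loaded.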
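Review bot: In the third hunk (shorewall.te, the shorewall_log_t rules) `manage_files_pattern` lets shorewall_t truncate, rename and unlink its own logs, which is more than a log writer needs and means a compromised shorewall_t process could remove or rewrite the firewall's log history. Unless shorewall rewrites these files itself, prefer `create_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)` together with `append_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)`. Likewise `manage_dirs_pattern` and the `dir` class in `logging_log_filetrans` are needed only if shorewall creates a directory under /var/log; if it does not, `logging_log_filetrans(shorewall_t, shorewall_log_t, file)` is enough. Nothing in the diff shows which of these operations the daemon performs, so this should be confirmed against AVC denials in permissive mode before tightening.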