commit: 0f123fb70ecdda06fdd36db9471b2f3fb9f0d2e6 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> AuthorDate: Tue Jun 9 14:03:54 2015 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Tue Jun 9 14:03:54 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0f123fb7
Allow logrotate to call fail2ban-client (as installed by fail2ban package) policy/modules/contrib/logrotate.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/policy/modules/contrib/logrotate.te b/policy/modules/contrib/logrotate.te index 62b05af..7b302cc 100644 --- a/policy/modules/contrib/logrotate.te +++ b/policy/modules/contrib/logrotate.te @@ -251,3 +251,8 @@ allow logrotate_mail_t logrotate_t:process sigchld; manage_files_pattern(logrotate_mail_t, logrotate_tmp_t, logrotate_tmp_t) logging_read_all_logs(logrotate_mail_t) + +ifdef(`distro_gentoo',` + # Fix bug 534256 - fail2ban installs a logrotate file that calls fail2ban-client so allow transition + fail2ban_domtrans_client(logrotate_t) +')
