59 lines
1.5 KiB
Plaintext
59 lines
1.5 KiB
Plaintext
# Last Modified: Sun Sep 25 08:58:35 2011
|
|
#include <tunables/global>
|
|
|
|
# Debugging the syslogger can be difficult if it can't write to the file
|
|
# that the kernel is logging denials to. In these cases, you can do the
|
|
# following:
|
|
# watch -n 1 'dmesg | tail -5'
|
|
|
|
/usr/sbin/rsyslogd {
|
|
#include <abstractions/base>
|
|
#include <abstractions/nameservice>
|
|
|
|
capability sys_tty_config,
|
|
capability dac_override,
|
|
capability dac_read_search,
|
|
capability setuid,
|
|
capability setgid,
|
|
capability sys_nice,
|
|
capability syslog,
|
|
|
|
unix (receive) type=dgram,
|
|
unix (receive) type=stream,
|
|
|
|
# rsyslog configuration
|
|
/etc/rsyslog.conf r,
|
|
/etc/rsyslog.d/ r,
|
|
/etc/rsyslog.d/** r,
|
|
/{,var/}run/rsyslogd.pid{,.tmp} rwk,
|
|
/var/spool/rsyslog/ r,
|
|
/var/spool/rsyslog/** rwk,
|
|
|
|
/usr/lib{,32,64}/{,@{multiarch}/}rsyslog/*.so mr,
|
|
|
|
/dev/tty* rw,
|
|
/dev/xconsole rw,
|
|
@{PROC}/kmsg r,
|
|
|
|
/dev/log rwl,
|
|
/{,var/}run/utmp rk,
|
|
/var/lib/*/dev/log rwl,
|
|
/var/spool/postfix/dev/log rwl,
|
|
/{,var/}run/systemd/notify w,
|
|
|
|
# 'r' is needed when using imfile
|
|
/var/log/** rw,
|
|
|
|
# Add these for mysql support
|
|
#/etc/mysql/my.cnf r,
|
|
#/{,var/}run/mysqld/mysqld.sock rw,
|
|
|
|
# Add thes for postgresql support
|
|
##include <abstractions/openssl>
|
|
##include <abstractions/ssl_certs>
|
|
#/{,var/}run/postgresql/.s.PGSQL.*[0-9] rw,
|
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
#include <local/usr.sbin.rsyslogd>
|
|
}
|