<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="contrib.html">+ contrib</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> - <a href='system_application.html'> application</a><br/> - <a href='system_authlogin.html'> authlogin</a><br/> - <a href='system_clock.html'> clock</a><br/> - <a href='system_fstools.html'> fstools</a><br/> - <a href='system_getty.html'> getty</a><br/> - <a href='system_hostname.html'> hostname</a><br/> - <a href='system_hotplug.html'> hotplug</a><br/> - <a href='system_init.html'> init</a><br/> - <a href='system_ipsec.html'> ipsec</a><br/> - <a href='system_iptables.html'> iptables</a><br/> - <a href='system_kdbus.html'> kdbus</a><br/> - <a href='system_libraries.html'> libraries</a><br/> - <a href='system_locallogin.html'> locallogin</a><br/> - <a href='system_logging.html'> logging</a><br/> - <a href='system_lvm.html'> lvm</a><br/> - <a href='system_miscfiles.html'> miscfiles</a><br/> - <a href='system_modutils.html'> modutils</a><br/> - <a href='system_mount.html'> mount</a><br/> - <a href='system_netlabel.html'> netlabel</a><br/> - <a href='system_selinuxutil.html'> selinuxutil</a><br/> - <a href='system_setrans.html'> setrans</a><br/> - <a href='system_sysnetwork.html'> sysnetwork</a><br/> - <a href='system_systemd.html'> systemd</a><br/> - <a href='system_udev.html'> udev</a><br/> - <a href='system_unconfined.html'> unconfined</a><br/> - <a href='system_userdomain.html'> userdomain</a><br/> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: system</h1><p/> <h2>Module: logging</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p>Policy for the kernel message logger and system logging daemon.</p></p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_logging_syslogd_can_sendmail"></a> <div id="interface"> <div id="codeblock">logging_syslogd_can_sendmail</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow syslogd daemon to send mail </p><p> </p> </div></div> <a name="link_logging_syslogd_run_nagios_plugins"></a> <div id="interface"> <div id="codeblock">logging_syslogd_run_nagios_plugins</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow syslogd the ability to call nagios plugins. It is turned on by omprog rsyslog plugin. </p><p> </p> </div></div> <a name="link_logging_syslogd_use_tty"></a> <div id="interface"> <div id="codeblock">logging_syslogd_use_tty</div> <div id="description"> <h5>Default value</h5> <p>true</p> <h5>Description</h5> <p> </p><p> Allow syslogd the ability to read/write terminals </p><p> </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_logging_admin"></a> <div id="interface"> <div id="codeblock"> <b>logging_admin</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> All of the rules required to administrate the logging environment </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> role </td><td> <p> User role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_admin_audit"></a> <div id="interface"> <div id="codeblock"> <b>logging_admin_audit</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> All of the rules required to administrate the audit environment </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> role </td><td> <p> User role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_admin_syslog"></a> <div id="interface"> <div id="codeblock"> <b>logging_admin_syslog</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> All of the rules required to administrate the syslog environment </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> role </td><td> <p> User role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_append_all_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_append_all_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append to all log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_check_exec_syslog"></a> <div id="interface"> <div id="codeblock"> <b>logging_check_exec_syslog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Check if syslogd is executable. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_create_devlog_dev"></a> <div id="interface"> <div id="codeblock"> <b>logging_create_devlog_dev</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to the syslog control unix stream socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_delete_generic_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_delete_generic_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete generic log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_dispatcher_domain"></a> <div id="interface"> <div id="codeblock"> <b>logging_dispatcher_domain</b>( domain , entry_point )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create a domain for processes which can be started by the system audit dispatcher </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Type to be used as a domain. </p> </td></tr> <tr><td> entry_point </td><td> <p> Type of the program to be used as an entry point to this domain. </p> </td></tr> </table> </div> </div> <a name="link_logging_domtrans_auditctl"></a> <div id="interface"> <div id="codeblock"> <b>logging_domtrans_auditctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute auditctl in the auditctl domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_logging_domtrans_auditd"></a> <div id="interface"> <div id="codeblock"> <b>logging_domtrans_auditd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute auditd in the auditd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_logging_domtrans_dispatcher"></a> <div id="interface"> <div id="codeblock"> <b>logging_domtrans_dispatcher</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a domain transition to run the audit dispatcher. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_logging_domtrans_klog"></a> <div id="interface"> <div id="codeblock"> <b>logging_domtrans_klog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute klogd in the klog domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_logging_domtrans_syslog"></a> <div id="interface"> <div id="codeblock"> <b>logging_domtrans_syslog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute syslogd in the syslog domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_logging_dontaudit_getattr_all_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_dontaudit_getattr_all_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of any log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_logging_dontaudit_rw_inherited_generic_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_dontaudit_rw_inherited_generic_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Dontaudit read/Write inherited generic log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_logging_dontaudit_search_audit_config"></a> <div id="interface"> <div id="codeblock"> <b>logging_dontaudit_search_audit_config</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> dontaudit search of auditd configuration files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_logging_dontaudit_search_audit_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_dontaudit_search_audit_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> dontaudit search of auditd log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_logging_dontaudit_search_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_dontaudit_search_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to search the var log directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain not to audit. </p> </td></tr> </table> </div> </div> <a name="link_logging_dontaudit_send_audit_msgs"></a> <div id="interface"> <div id="codeblock"> <b>logging_dontaudit_send_audit_msgs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> dontaudit attempts to send audit messages. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_logging_dontaudit_write_generic_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_dontaudit_write_generic_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Dontaudit Write generic log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_logging_exec_all_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_exec_all_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute all log files in the caller domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_filetrans_named_conf"></a> <div id="interface"> <div id="codeblock"> <b>logging_filetrans_named_conf</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Transition to syslog.conf </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_filetrans_named_content"></a> <div id="interface"> <div id="codeblock"> <b>logging_filetrans_named_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Transition to logging named content </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_getattr_all_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_getattr_all_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the atttributes of any log file </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access </p> </td></tr> </table> </div> </div> <a name="link_logging_inherit_append_all_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_inherit_append_all_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append to all log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_link_generic_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_link_generic_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Link generic log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_list_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_list_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List the contents of the generic log directory (/var/log). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_log_file"></a> <div id="interface"> <div id="codeblock"> <b>logging_log_file</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified type usable for log files in a filesystem. </p> <h5>Description</h5> <p> </p><p> Make the specified type usable for log files in a filesystem. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a log file type may result in problems with log rotation, log analysis, and log monitoring programs. </p><p> </p><p> Related interfaces: </p><p> </p><ul><p> </p><li><p>logging_log_filetrans()</p></li><p> </p></ul><p> </p><p> Example usage with a domain that can create and append to a private log file stored in the general directories (e.g., /var/log): </p><p> </p><p> type mylogfile_t; logging_log_file(mylogfile_t) allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms }; logging_log_filetrans(mydomain_t, mylogfile_t, file) </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type to be used for files. </p> </td></tr> </table> </div> </div> <a name="link_logging_log_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>logging_log_filetrans</b>( domain , private type , object , name )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create an object in the log directory, with a private type. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to create an object in the general system log directories (e.g., /var/log) with a private type. Typically this is used for creating private log files in /var/log with the private type instead of the general system log type. To accomplish this goal, either the program must be SELinux-aware, or use this interface. </p><p> </p><p> Related interfaces: </p><p> </p><ul><p> </p><li><p>logging_log_file()</p></li><p> </p></ul><p> </p><p> Example usage with a domain that can create and append to a private log file stored in the general directories (e.g., /var/log): </p><p> </p><p> type mylogfile_t; logging_log_file(mylogfile_t) allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms }; logging_log_filetrans(mydomain_t, mylogfile_t, file) </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> private type </td><td> <p> The type of the object to be created. </p> </td></tr> <tr><td> object </td><td> <p> The object class of the object being created. </p> </td></tr> <tr><td> name </td><td> <p> The name of the object being created. </p> </td></tr> </table> </div> </div> <a name="link_logging_log_named_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>logging_log_named_filetrans</b>( domain , private type , object , name )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create an object in the log directory, with a private type. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to create an object in the general system log directories (e.g., /var/log) with a private type. Typically this is used for creating private log files in /var/log with the private type instead of the general system log type. To accomplish this goal, either the program must be SELinux-aware, or use this interface. </p><p> </p><p> Related interfaces: </p><p> </p><ul><p> </p><li><p>logging_log_file()</p></li><p> </p></ul><p> </p><p> Example usage with a domain that can create and append to a private log file stored in the general directories (e.g., /var/log): </p><p> </p><p> type mylogfile_t; logging_log_file(mylogfile_t) allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms }; logging_log_filetrans(mydomain_t, mylogfile_t, file) </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> private type </td><td> <p> The type of the object to be created. </p> </td></tr> <tr><td> object </td><td> <p> The object class of the object being created. </p> </td></tr> <tr><td> name </td><td> <p> The name of the object being created. </p> </td></tr> </table> </div> </div> <a name="link_logging_manage_all_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_manage_all_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete all log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_manage_audit_config"></a> <div id="interface"> <div id="codeblock"> <b>logging_manage_audit_config</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage the auditd configuration files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_manage_audit_log"></a> <div id="interface"> <div id="codeblock"> <b>logging_manage_audit_log</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage the audit log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_manage_generic_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_manage_generic_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete generic log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_manage_syslog_config"></a> <div id="interface"> <div id="codeblock"> <b>logging_manage_syslog_config</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage syslog configuration files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_read_all_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_read_all_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_read_audit_config"></a> <div id="interface"> <div id="codeblock"> <b>logging_read_audit_config</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the auditd configuration files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_read_audit_log"></a> <div id="interface"> <div id="codeblock"> <b>logging_read_audit_log</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the audit log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_read_generic_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_read_generic_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read generic log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_read_syslog_config"></a> <div id="interface"> <div id="codeblock"> <b>logging_read_syslog_config</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read syslog configuration files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_read_syslog_pid"></a> <div id="interface"> <div id="codeblock"> <b>logging_read_syslog_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow domain to read the syslog pid files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_relabel_all_log_dirs"></a> <div id="interface"> <div id="codeblock"> <b>logging_relabel_all_log_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel on all log dirs. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_relabel_devlog_dev"></a> <div id="interface"> <div id="codeblock"> <b>logging_relabel_devlog_dev</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel the devlog sock_file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_relabel_syslog_pid_socket"></a> <div id="interface"> <div id="codeblock"> <b>logging_relabel_syslog_pid_socket</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel the syslog pid sock_file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_run_auditctl"></a> <div id="interface"> <div id="codeblock"> <b>logging_run_auditctl</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute auditctl in the auditctl domain, and allow the specified role the auditctl domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_run_auditd"></a> <div id="interface"> <div id="codeblock"> <b>logging_run_auditd</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute auditd in the auditd domain, and allow the specified role the auditd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_rw_all_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_rw_all_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> read/write to all log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_rw_generic_log_dirs"></a> <div id="interface"> <div id="codeblock"> <b>logging_rw_generic_log_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write the generic log directory (/var/log). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_rw_generic_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_rw_generic_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write generic log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_search_all_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_search_all_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search through all log dirs. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_search_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_search_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allows the domain to open a file in the log directory, but does not allow the listing of the contents of the log directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_send_audit_msgs"></a> <div id="interface"> <div id="codeblock"> <b>logging_send_audit_msgs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send audit messages. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_send_syslog_msg"></a> <div id="interface"> <div id="codeblock"> <b>logging_send_syslog_msg</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send system log messages. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to connect to the system log service (syslog), to send messages be added to the system logs. Typically this is used by services that do not have their own log file in /var/log. </p><p> </p><p> This does not allow messages to be sent to the auditing system. </p><p> </p><p> Programs which use the libc function syslog() will require this access. </p><p> </p><p> Related interfaces: </p><p> </p><ul><p> </p><li><p>logging_send_audit_msgs()</p></li><p> </p></ul><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_set_audit_parameters"></a> <div id="interface"> <div id="codeblock"> <b>logging_set_audit_parameters</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set up audit </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_set_loginuid"></a> <div id="interface"> <div id="codeblock"> <b>logging_set_loginuid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set login uid </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_set_tty_audit"></a> <div id="interface"> <div id="codeblock"> <b>logging_set_tty_audit</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set tty auditing </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_setattr_all_log_dirs"></a> <div id="interface"> <div id="codeblock"> <b>logging_setattr_all_log_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set attributes on all log dirs. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_signal_dispatcher"></a> <div id="interface"> <div id="codeblock"> <b>logging_signal_dispatcher</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Signal the audit dispatcher. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_stream_connect_auditd"></a> <div id="interface"> <div id="codeblock"> <b>logging_stream_connect_auditd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to auditdstored over a unix stream socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_stream_connect_dispatcher"></a> <div id="interface"> <div id="codeblock"> <b>logging_stream_connect_dispatcher</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to the audit dispatcher over a unix stream socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_stream_connect_syslog"></a> <div id="interface"> <div id="codeblock"> <b>logging_stream_connect_syslog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to the syslog control unix stream socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_logging_syslogd_pid_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>logging_syslogd_pid_filetrans</b>( domain , private_type , object_class , name )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create objects in /run/systemd/journal/ directory with an automatic type transition to a specified private type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> private_type </td><td> <p> The type of the object to create. </p> </td></tr> <tr><td> object_class </td><td> <p> The class of the object to be created. </p> </td></tr> <tr><td> name </td><td> <p> The name of the object being created. </p> </td></tr> </table> </div> </div> <a name="link_logging_systemctl_audit"></a> <div id="interface"> <div id="codeblock"> <b>logging_systemctl_audit</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute auditd server in the auditd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_logging_systemctl_syslogd"></a> <div id="interface"> <div id="codeblock"> <b>logging_systemctl_syslogd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute auditd server in the auditd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_logging_write_generic_logs"></a> <div id="interface"> <div id="codeblock"> <b>logging_write_generic_logs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write generic log files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>