2014-07-21 15:08:22 +02:00
|
|
|
# ------------------------------------------------------------------
|
|
|
|
|
#
|
|
|
|
|
# Copyright (C) 2014 Novell/SUSE
|
|
|
|
|
#
|
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
|
|
|
# License published by the Free Software Foundation.
|
|
|
|
|
#
|
|
|
|
|
# ------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
#include <tunables/global>
|
|
|
|
|
|
|
|
|
|
/usr/sbin/rsyslogd {
|
|
|
|
|
#include <abstractions/base>
|
|
|
|
|
#include <abstractions/consoles>
|
|
|
|
|
# general networking is allowed here
|
|
|
|
|
#include <abstractions/nameservice>
|
|
|
|
|
|
|
|
|
|
capability block_suspend,
|
|
|
|
|
capability dac_override,
|
|
|
|
|
capability sys_nice,
|
|
|
|
|
capability sys_tty_config,
|
|
|
|
|
capability syslog,
|
|
|
|
|
|
|
|
|
|
/dev/tty* w,
|
|
|
|
|
/dev/xconsole rw,
|
|
|
|
|
|
|
|
|
|
/etc/rsyslog.conf r,
|
|
|
|
|
/etc/rsyslog.d/ r,
|
|
|
|
|
/etc/rsyslog.d/* r,
|
|
|
|
|
|
|
|
|
|
/usr/lib{,32,64}/rsyslog/* mr,
|
|
|
|
|
/usr/sbin/rsyslogd mr,
|
|
|
|
|
|
|
|
|
|
/var/log/** rw,
|
|
|
|
|
|
|
|
|
|
/proc/kmsg r,
|
|
|
|
|
|
|
|
|
|
/{var/,}run/rsyslog/* r,
|
|
|
|
|
/{var/,}run/rsyslogd.pid rwk,
|
|
|
|
|
/{var/,}run/systemd/journal/syslog w,
|
|
|
|
|
|
|
|
|
|
# include rules for rsyslog-module-* packages
|
2015-04-20 23:12:25 +02:00
|
|
|
# change that to <rsyslog.d> once it is moved to /etc/apparmor.d
|
|
|
|
|
#include "/etc/apparmor/profiles/extras/rsyslog.d"
|
2014-07-21 15:08:22 +02:00
|
|
|
}
|
