# Last Modified: Sun Sep 25 08:58:35 2011
#include <tunables/global>
# Debugging the syslogger can be difficult if it can't write to the file
# that the kernel is logging denials to. In these cases, you can do the
# following:
# watch -n 1 'dmesg | tail -5'
/usr/sbin/rsyslogd {
#include <abstractions/base>
#include <abstractions/nameservice>
capability sys_tty_config,
capability dac_override,
capability dac_read_search,
capability setuid,
capability setgid,
capability sys_nice,
capability syslog,
unix (receive) type=dgram,
unix (receive) type=stream,
# rsyslog configuration
/etc/rsyslog.conf r,
/etc/rsyslog.d/ r,
/etc/rsyslog.d/** r,
/{,var/}run/rsyslogd.pid{,.tmp} rwk,
/var/spool/rsyslog/ r,
/var/spool/rsyslog/** rwk,
/usr/lib{,32,64}/{,@{multiarch}/}rsyslog/*.so mr,
/dev/tty* rw,
/dev/xconsole rw,
@{PROC}/kmsg r,
/dev/log rwl,
/{,var/}run/utmp rk,
/var/lib/*/dev/log rwl,
/var/spool/postfix/dev/log rwl,
/{,var/}run/systemd/notify w,
# 'r' is needed when using imfile
/var/log/** rw,
# Add these for mysql support
#/etc/mysql/my.cnf r,
#/{,var/}run/mysqld/mysqld.sock rw,
# Add thes for postgresql support
##include <abstractions/openssl>
##include <abstractions/ssl_certs>
#/{,var/}run/postgresql/.s.PGSQL.*[0-9] rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.rsyslogd>
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| abstractions | Folder | 0755 |
|
|
| cache | Folder | 0755 |
|
|
| disable | Folder | 0755 |
|
|
| force-complain | Folder | 0755 |
|
|
| local | Folder | 0755 |
|
|
| lxc | Folder | 0755 |
|
|
| tunables | Folder | 0755 |
|
|
| lxc-containers | File | 198 B | 0644 |
|
| sbin.dhclient | File | 3.12 KB | 0644 |
|
| system_tor | File | 684 B | 0644 |
|
| usr.bin.lxc-start | File | 125 B | 0644 |
|
| usr.bin.man | File | 2.79 KB | 0644 |
|
| usr.lib.snapd.snap-confine.real | File | 27.82 KB | 0644 |
|
| usr.sbin.mysqld | File | 1.75 KB | 0644 |
|
| usr.sbin.rsyslogd | File | 1.51 KB | 0644 |
|
| usr.sbin.tcpdump | File | 1.42 KB | 0644 |
|