apparmor/profiles/apparmor.d/sbin.syslogd

# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2009 Novell/SUSE
#    Copyright (C) 2010 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

abi <abi/4.0>,

include <tunables/global>

profile syslogd /{usr/,}{bin,sbin}/syslogd {
  include <abstractions/base>
  include <abstractions/nameservice>
  include <abstractions/consoles>

  capability sys_tty_config,
  capability dac_override,
  capability dac_read_search,
  capability setuid,
  capability setgid,
  capability syslog,

  unix (receive) type=dgram,
  unix (receive) type=stream,

  /dev/log                      wl,
  /var/lib/*/dev/log            wl,
  /dev/kmsg                     r,
  /proc/kmsg                    r,

  /dev/tty*                     w,
  /dev/xconsole                 rw,
  /etc/syslog.conf              r,
  /etc/syslog.d/                r,
  /etc/syslog.d/*               r,
  /{usr/,}{bin,sbin}/syslogd    rmix,
  /var/log/**                   rw,
  @{run}/syslog.pid           krwl,
  @{run}/syslogd.pid          krwl,
  @{run}/utmp                 rw,
  /var/spool/compaq/nic/messages_fifo rw,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/sbin.syslogd>
}