phpfpm: add syslog msg tunable

Closes: https://github.com/perfinion/hardened-refpolicy/pull/9 Signed-off-by: Kenton Groombridge <me@concord.sh> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Kenton Groombridge <me@concord.sh> 2021-01-26 20:00:34 -0500
committer: Jason Zaman <perfinion@gentoo.org> 2021-02-06 19:17:59 -0800
commit: 1581c6e212d21a0ecb47dddfe2da57744fd75600 (patch)
tree: e48ca21b6c782501a17e970036938d1dac53c116 /policy/modules/contrib
parent: services/jabber.fc: Gentoo uses /var/spool/jabber as the default spool (diff)
download: hardened-refpolicy-1581c6e212d21a0ecb47dddfe2da57744fd75600.tar.gz
hardened-refpolicy-1581c6e212d21a0ecb47dddfe2da57744fd75600.tar.bz2
hardened-refpolicy-1581c6e212d21a0ecb47dddfe2da57744fd75600.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/policy/modules/contrib/phpfpm.te b/policy/modules/contrib/phpfpm.te
index fd2a0565..cffae6d7 100644
--- a/policy/modules/contrib/phpfpm.te
+++ b/policy/modules/contrib/phpfpm.te
@@ -12,6 +12,13 @@ policy_module(phpfpm, 1.1)
 ## </desc>
 gen_tunable(phpfpm_use_ldap, false)
 
+## <desc>
+## <p>
+## Allow phpfpm to send syslog messages
+## </p>
+## </desc>
+gen_tunable(phpfpm_send_syslog_msg, false)
+
 type phpfpm_t;
 type phpfpm_exec_t;
 init_daemon_domain(phpfpm_t, phpfpm_exec_t)
@@ -98,3 +105,7 @@ optional_policy(`
 		sysnet_use_ldap(phpfpm_t)
 	')
 ')
+
+tunable_policy(`phpfpm_send_syslog_msg',`
+	logging_send_syslog_msg(phpfpm_t)
+')
author	Kenton Groombridge <me@concord.sh>	2021-01-26 20:00:34 -0500
committer	Jason Zaman <perfinion@gentoo.org>	2021-02-06 19:17:59 -0800
commit	1581c6e212d21a0ecb47dddfe2da57744fd75600 (patch)
tree	e48ca21b6c782501a17e970036938d1dac53c116 /policy/modules/contrib
parent	services/jabber.fc: Gentoo uses /var/spool/jabber as the default spool (diff)
download	hardened-refpolicy-1581c6e212d21a0ecb47dddfe2da57744fd75600.tar.gz hardened-refpolicy-1581c6e212d21a0ecb47dddfe2da57744fd75600.tar.bz2 hardened-refpolicy-1581c6e212d21a0ecb47dddfe2da57744fd75600.zip