View file File name : usr.sbin.rsyslogd Content :# Last Modified: Sun Sep 25 08:58:35 2011 #include <tunables/global> # Debugging the syslogger can be difficult if it can't write to the file # that the kernel is logging denials to. In these cases, you can do the # following: # watch -n 1 'dmesg | tail -5' /usr/sbin/rsyslogd { #include <abstractions/base> #include <abstractions/nameservice> capability sys_tty_config, capability dac_override, capability dac_read_search, capability setuid, capability setgid, capability sys_nice, capability syslog, unix (receive) type=dgram, unix (receive) type=stream, # rsyslog configuration /etc/rsyslog.conf r, /etc/rsyslog.d/ r, /etc/rsyslog.d/** r, /{,var/}run/rsyslogd.pid{,.tmp} rwk, /var/spool/rsyslog/ r, /var/spool/rsyslog/** rwk, /usr/sbin/rsyslogd mr, /usr/lib{,32,64}/{,@{multiarch}/}rsyslog/*.so mr, /dev/tty* rw, /dev/xconsole rw, @{PROC}/kmsg r, /dev/log rwl, /{,var/}run/utmp rk, /var/lib/*/dev/log rwl, /var/spool/postfix/dev/log rwl, /{,var/}run/systemd/notify w, # 'r' is needed when using imfile /var/log/** rw, # Add these for mysql support #/etc/mysql/my.cnf r, #/{,var/}run/mysqld/mysqld.sock rw, # Add thes for postgresql support ##include <abstractions/openssl> ##include <abstractions/ssl_certs> #/{,var/}run/postgresql/.s.PGSQL.*[0-9] rw, # Site-specific additions and overrides. See local/README for details. #include <local/usr.sbin.rsyslogd> }