Written by: Martin Orr

rsyslog creates /dev/xconsole, which I think must not have existed with sysklogd

Allow xconsole_device_t on device_t filesystem (i.e. devtmpfs)
Allow cryptsetup to getattr xconsole_device_t on shutdown

Index: policy/modules/system/logging.te
===================================================================
--- policy/modules/system/logging.te.orig
+++ policy/modules/system/logging.te
@@ -89,7 +89,7 @@
 # this is not actually a device, its a pipe
 type xconsole_device_t;
 files_type(xconsole_device_t)
-fs_associate_tmpfs(xconsole_device_t)
+dev_associate(xconsole_device_t)
 files_associate_tmp(xconsole_device_t)
 allow syslogd_t xconsole_device_t:fifo_file rw_file_perms;
 
Index: policy/modules/system/logging.if
===================================================================
--- policy/modules/system/logging.if.orig
+++ policy/modules/system/logging.if
@@ -919,6 +919,24 @@
 
 ########################################
 ## <summary>
+##	Get the attributes of the xconsole named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`logging_getattr_xconsole',`
+	gen_require(`
+		type xconsole_device_t;
+	')
+
+	allow $1 xconsole_device_t:fifo_file getattr;
+')
+
+########################################
+## <summary>
 ##	Read the xconsole named pipe.
 ## </summary>
 ## <param name="domain">
Index: policy/modules/system/lvm.te
===================================================================
--- policy/modules/system/lvm.te.orig
+++ policy/modules/system/lvm.te
@@ -298,6 +298,7 @@
 init_use_script_ptys(lvm_t)
 init_read_script_state(lvm_t)
 
+logging_getattr_xconsole(lvm_t)
 logging_send_syslog_msg(lvm_t)
 
 miscfiles_read_localization(lvm_t)