diff options
| author | Yi Zhao <yi.zhao@windriver.com> | 2023-07-27 14:07:48 -0400 |
|---|---|---|
| committer | Joe MacDonald <joe@deserted.net> | 2023-07-31 15:05:30 -0400 |
| commit | 1924d975283210f0c36bc3c0e8ce516ccc06961f (patch) | |
| tree | 494be7575b6219b816613ddefb6072973d8e78d4 /recipes-security/refpolicy/refpolicy/0048-policy-modules-system-logging-fix-auditd-startup-fai.patch | |
| parent | 4f3ec6e10f13aaf19fbca9a18547f9e72ba1ec0a (diff) | |
| download | meta-selinux-1924d975283210f0c36bc3c0e8ce516ccc06961f.tar.gz | |
refpolicy: update to 20200229+gitdunfell
* Drop obsolete and unused patches.
* Rebase patches.
* Add patches to make systemd and sysvinit can work with all policy types.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
(cherry picked from commit 15fed8756aa4828fa12a3d813754b4ca65a7607d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0048-policy-modules-system-logging-fix-auditd-startup-fai.patch')
| -rw-r--r-- | recipes-security/refpolicy/refpolicy/0048-policy-modules-system-logging-fix-auditd-startup-fai.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0048-policy-modules-system-logging-fix-auditd-startup-fai.patch b/recipes-security/refpolicy/refpolicy/0048-policy-modules-system-logging-fix-auditd-startup-fai.patch new file mode 100644 index 0000000..cb5b88d --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0048-policy-modules-system-logging-fix-auditd-startup-fai.patch | |||
| @@ -0,0 +1,52 @@ | |||
| 1 | From b585008cec90386903e7613a4a22286c0a94be8c Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Wenzong Fan <wenzong.fan@windriver.com> | ||
| 3 | Date: Tue, 24 Jan 2017 08:45:35 +0000 | ||
| 4 | Subject: [PATCH] policy/modules/system/logging: fix auditd startup failures | ||
| 5 | |||
| 6 | Fixes: | ||
| 7 | avc: denied { getcap } for pid=849 comm="auditctl" \ | ||
| 8 | scontext=system_u:system_r:auditctl_t:s0-s15:c0.c1023 \ | ||
| 9 | tcontext=system_u:system_r:auditctl_t:s0-s15:c0.c1023 \ | ||
| 10 | tclass=process | ||
| 11 | |||
| 12 | avc: denied { setattr } for pid=848 comm="auditd" \ | ||
| 13 | name="audit" dev="tmpfs" ino=9569 \ | ||
| 14 | scontext=system_u:system_r:auditd_t:s15:c0.c1023 \ | ||
| 15 | tcontext=system_u:object_r:auditd_log_t:s15:c0.c1023 \ | ||
| 16 | tclass=dir | ||
| 17 | |||
| 18 | avc: denied { search } for pid=731 comm="auditd" \ | ||
| 19 | name="/" dev="tmpfs" ino=9399 \ | ||
| 20 | scontext=system_u:system_r:auditd_t:s15:c0.c1023 \ | ||
| 21 | tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir | ||
| 22 | |||
| 23 | Upstream-Status: Inappropriate [embedded specific] | ||
| 24 | |||
| 25 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
| 26 | --- | ||
| 27 | policy/modules/system/logging.te | 2 ++ | ||
| 28 | 1 file changed, 2 insertions(+) | ||
| 29 | |||
| 30 | diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te | ||
| 31 | index 2d9f65d2d..95309f334 100644 | ||
| 32 | --- a/policy/modules/system/logging.te | ||
| 33 | +++ b/policy/modules/system/logging.te | ||
| 34 | @@ -157,6 +157,7 @@ allow auditd_t auditd_etc_t:dir list_dir_perms; | ||
| 35 | allow auditd_t auditd_etc_t:file read_file_perms; | ||
| 36 | dontaudit auditd_t auditd_etc_t:file map; | ||
| 37 | |||
| 38 | +manage_dirs_pattern(auditd_t, auditd_log_t, auditd_log_t) | ||
| 39 | manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t) | ||
| 40 | allow auditd_t auditd_log_t:dir setattr; | ||
| 41 | manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t) | ||
| 42 | @@ -177,6 +178,7 @@ dev_read_sysfs(auditd_t) | ||
| 43 | fs_getattr_all_fs(auditd_t) | ||
| 44 | fs_search_auto_mountpoints(auditd_t) | ||
| 45 | fs_rw_anon_inodefs_files(auditd_t) | ||
| 46 | +fs_search_tmpfs(auditd_t) | ||
| 47 | |||
| 48 | selinux_search_fs(auditctl_t) | ||
| 49 | |||
| 50 | -- | ||
| 51 | 2.17.1 | ||
| 52 | |||