diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0031-policy-modules-system-logging-fix-auditd-startup-fai.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0031-policy-modules-system-logging-fix-auditd-startup-fai.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0031-policy-modules-system-logging-fix-auditd-startup-fai.patch b/recipes-security/refpolicy/refpolicy/0031-policy-modules-system-logging-fix-auditd-startup-fai.patch new file mode 100644 index 0000000..ae6e5cf --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0031-policy-modules-system-logging-fix-auditd-startup-fai.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From bd4f7608f50da4a829d9042311163922776146ca Mon Sep 17 00:00:00 2001 | ||
2 | From: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
3 | Date: Thu, 22 Aug 2013 13:37:23 +0800 | ||
4 | Subject: [PATCH] policy/modules/system/logging: fix auditd startup failures | ||
5 | |||
6 | Fixes: | ||
7 | avc: denied { read } for pid=321 comm="auditd" name="log" dev="vda" | ||
8 | ino=12552 scontext=system_u:system_r:auditd_t | ||
9 | tcontext=system_u:object_r:var_log_t tclass=lnk_file permissive=0 | ||
10 | |||
11 | Upstream-Status: Inappropriate [embedded specific] | ||
12 | |||
13 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
14 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
15 | --- | ||
16 | policy/modules/system/logging.te | 2 ++ | ||
17 | 1 file changed, 2 insertions(+) | ||
18 | |||
19 | diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te | ||
20 | index 45584dba6..8bc70b81d 100644 | ||
21 | --- a/policy/modules/system/logging.te | ||
22 | +++ b/policy/modules/system/logging.te | ||
23 | @@ -177,6 +177,7 @@ dontaudit auditd_t auditd_etc_t:file map; | ||
24 | manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t) | ||
25 | allow auditd_t auditd_log_t:dir setattr; | ||
26 | manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t) | ||
27 | +allow auditd_t var_log_t:lnk_file read_lnk_file_perms; | ||
28 | allow auditd_t var_log_t:dir search_dir_perms; | ||
29 | |||
30 | manage_files_pattern(auditd_t, auditd_runtime_t, auditd_runtime_t) | ||
31 | @@ -306,6 +307,7 @@ optional_policy(` | ||
32 | allow audisp_remote_t self:capability { setpcap setuid }; | ||
33 | allow audisp_remote_t self:process { getcap setcap }; | ||
34 | allow audisp_remote_t self:tcp_socket create_socket_perms; | ||
35 | +allow audisp_remote_t var_log_t:lnk_file read_lnk_file_perms; | ||
36 | allow audisp_remote_t var_log_t:dir search_dir_perms; | ||
37 | |||
38 | manage_dirs_pattern(audisp_remote_t, audit_spool_t, audit_spool_t) | ||
39 | -- | ||
40 | 2.25.1 | ||
41 | |||