Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0035-policy-modules-system-logging-allow-systemd-tmpfiles.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0035-policy-modules-system-logging-allow-systemd-tmpfiles.patch | 43 |
1 files changed, 43 insertions, 0 deletions
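--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0035-policy-modules-system-logging-allow-systemd-tmpfiles.patch
@@ -0,0 +1,43 @@
+From 1f7fb5de202cb30c45b4051b0bce6e9b1aa53ea8 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Sat, 30 Sep 2023 17:20:29 +0800
+Subject: [PATCH] policy/modules/system/logging: allow systemd-tmpfiles to
+create /var/log/audit
+
+Fixes:
+systemd[1]: Starting Security Auditing Service...
+auditd[246]: Could not open dir /var/log/audit (No such file or directory)
+auditd[246]: The audit daemon is exiting.
+systemd[1]: auditd.service: Control process exited, code=exited, status=6/NOTCONFIGURED
+systemd[1]: auditd.service: Failed with result 'exit-code'.
+systemd[1]: Failed to start Security Auditing Service.
+
+AVC avc: denied { create } for pid=224 comm="systemd-tmpfile"
+name="audit" scontext=system_u:system_r:systemd_tmpfiles_t
+tcontext=system_u:object_r:auditd_log_t tclass=dir permissive=0
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+policy/modules/system/logging.te | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
+index 8bc70b81d..3cab14381 100644
+--- a/policy/modules/system/logging.te
++++ b/policy/modules/system/logging.te
+@@ -27,6 +27,10 @@ type auditd_log_t;
+files_security_file(auditd_log_t)
+files_security_mountpoint(auditd_log_t)
+
++optional_policy(`
++ systemd_tmpfilesd_managed(auditd_log_t)
++')
++
+type audit_spool_t;
+files_security_file(audit_spool_t)
+files_security_mountpoint(audit_spool_t)
+--
+2.25.1
+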
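Review bot: `systemd_tmpfilesd_managed(auditd_log_t)` looks broader than the denial being fixed: the AVC quoted in the commit message is only `{ create }` on `tclass=dir`, while the interface name suggests systemd-tmpfiles gets general management of `auditd_log_t` objects (the interface body is not shown here, so confirm what it expands to). Because `auditd_log_t` is declared with `files_security_file`, any file-level write, unlink or relabel permission that comes with the interface would let a second domain alter audit logs, so a rule limited to the `dir` class would be a tighter fit if the interface grants more than that. I would also add a comment above the block, `# systemd-tmpfiles creates /var/log/audit at boot; auditd exits when the directory is missing`, so the reason for the exception stays with the policy rather than only in the patch header.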