diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0041-policy-modules-system-logging-fix-syslogd-failures-f.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0041-policy-modules-system-logging-fix-syslogd-failures-f.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0041-policy-modules-system-logging-fix-syslogd-failures-f.patch b/recipes-security/refpolicy/refpolicy/0041-policy-modules-system-logging-fix-syslogd-failures-f.patch deleted file mode 100644 index 2232d48..0000000 --- a/recipes-security/refpolicy/refpolicy/0041-policy-modules-system-logging-fix-syslogd-failures-f.patch +++ /dev/null | |||
@@ -1,55 +0,0 @@ | |||
1 | From dc2c9c91219311f6c4d985169dff6c5931a465d7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Wenzong Fan <wenzong.fan@windriver.com> | ||
3 | Date: Thu, 4 Feb 2016 02:10:15 -0500 | ||
4 | Subject: [PATCH] policy/modules/system/logging: fix syslogd failures for | ||
5 | systemd | ||
6 | |||
7 | Fixes: | ||
8 | syslogd[243]: Error opening log file: /var/log/auth.log: Permission denied | ||
9 | syslogd[243]: Error opening log file: /var/log/syslog: Permission denied | ||
10 | syslogd[243]: Error opening log file: /var/log/kern.log: Permission denied | ||
11 | syslogd[243]: Error opening log file: /var/log/mail.log: Permission denied | ||
12 | syslogd[243]: Error opening log file: /var/log/mail.err: Permission denied | ||
13 | syslogd[243]: Error opening log file: /var/log/messages: Permission denied | ||
14 | |||
15 | avc: denied { search } for pid=243 comm="syslogd" name="/" | ||
16 | dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t | ||
17 | tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=0 | ||
18 | |||
19 | avc: denied { write } for pid=162 comm="systemd-journal" | ||
20 | name="syslog" dev="tmpfs" ino=515 scontext=system_u:system_r:syslogd_t | ||
21 | tcontext=system_u:object_r:syslogd_runtime_t tclass=sock_file | ||
22 | permissive=0 | ||
23 | |||
24 | Upstream-Status: Inappropriate [embedded specific] | ||
25 | |||
26 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
27 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
28 | --- | ||
29 | policy/modules/system/logging.te | 3 ++- | ||
30 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
31 | |||
32 | diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te | ||
33 | index cc530a2be..5b4b5ec5d 100644 | ||
34 | --- a/policy/modules/system/logging.te | ||
35 | +++ b/policy/modules/system/logging.te | ||
36 | @@ -431,7 +431,7 @@ files_search_var_lib(syslogd_t) | ||
37 | |||
38 | # manage runtime files | ||
39 | allow syslogd_t syslogd_runtime_t:dir create_dir_perms; | ||
40 | -allow syslogd_t syslogd_runtime_t:sock_file { create setattr unlink }; | ||
41 | +allow syslogd_t syslogd_runtime_t:sock_file { create setattr unlink write }; | ||
42 | allow syslogd_t syslogd_runtime_t:file map; | ||
43 | manage_files_pattern(syslogd_t, syslogd_runtime_t, syslogd_runtime_t) | ||
44 | files_runtime_filetrans(syslogd_t, syslogd_runtime_t, file) | ||
45 | @@ -495,6 +495,7 @@ files_var_lib_filetrans(syslogd_t, syslogd_var_lib_t, { file dir }) | ||
46 | |||
47 | fs_getattr_all_fs(syslogd_t) | ||
48 | fs_search_auto_mountpoints(syslogd_t) | ||
49 | +fs_search_tmpfs(syslogd_t) | ||
50 | |||
51 | mls_file_write_all_levels(syslogd_t) # Need to be able to write to /var/run/ and /var/log directories | ||
52 | |||
53 | -- | ||
54 | 2.17.1 | ||
55 | |||