Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0056-policy-modules-system-logging-make-syslogd_runtime_t.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0056-policy-modules-system-logging-make-syslogd_runtime_t.patch | 48 |
1 files changed, 48 insertions, 0 deletions
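diff --git a/recipes-security/refpolicy/refpolicy/0056-policy-modules-system-logging-make-syslogd_runtime_t.patch b/recipes-security/refpolicy/refpolicy/0056-policy-modules-system-logging-make-syslogd_runtime_t.patch
new file mode 100644
index 0000000..d07fa91
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0056-policy-modules-system-logging-make-syslogd_runtime_t.patch
@@ -0,0 +1,48 @@
+From 2476910f6d7f116148bb9311498b5c98692c1ef3 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Sat, 18 Dec 2021 17:31:45 +0800
+Subject: [PATCH] policy/modules/system/logging: make syslogd_runtime_t MLS
+trusted.
+
+Make syslogd_runtime_t MLS trusted to allow all levels to read and write
+the object.
+
+Fixes:
+avc: denied { search } for pid=314 comm="useradd" name="journal"
+dev="tmpfs" ino=34 scontext=root:sysadm_r:useradd_t:s0-s15:c0.c1023
+tcontext=system_u:object_r:syslogd_runtime_t:s15:c0.c1023 tclass=dir
+permissive=0
+
+avc: denied { search } for pid=319 comm="passwd" name="journal"
+dev="tmpfs" ino=34 scontext=root:sysadm_r:passwd_t:s0-s15:c0.c1023
+tcontext=system_u:object_r:syslogd_runtime_t:s15:c0.c1023 tclass=dir
+permissive=0
+
+avc: denied { search } for pid=374 comm="rpc.statd" name="journal"
+dev="tmpfs" ino=9854 scontext=system_u:system_r:rpcd_t:s0-s15:c0.c1023
+tcontext=system_u:object_r:syslogd_var_run_t:s15:c0.c1023 tclass=dir
+permissive=0
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+policy/modules/system/logging.te | 2 ++
+1 file changed, 2 insertions(+)
+
+diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
+index 25e1d1397..ba0fd10e0 100644
+--- a/policy/modules/system/logging.te
++++ b/policy/modules/system/logging.te
+@@ -456,6 +456,8 @@ allow syslogd_t syslogd_runtime_t:file map;
+manage_files_pattern(syslogd_t, syslogd_runtime_t, syslogd_runtime_t)
+files_runtime_filetrans(syslogd_t, syslogd_runtime_t, file)
+
++mls_trusted_object(syslogd_runtime_t)
++
+kernel_read_system_state(syslogd_t)
+kernel_read_network_state(syslogd_t)
+kernel_read_kernel_sysctls(syslogd_t)
+--
+2.25.1
+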
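Review bot: `mls_trusted_object(syslogd_runtime_t)` at the added line exempts every object of that type from the MLS constraints, while the three denials quoted in the commit message are all `{ search }` on the `journal` directory only. Type-enforcement rules still apply, but any domain that TE allows to read or write syslogd runtime files can now do so across sensitivity levels, which is a wider information-flow exception than the log shows is needed; it is worth confirming this is intended rather than labelling the directory at a lower level. The third denial names `syslogd_var_run_t`, which the hunk does not mention; presumably it is an alias of `syslogd_runtime_t`, but that should be checked against the policy version being patched. I would also add a why-comment above the line, e.g. `# journal runtime dir is at s15:c0.c1023; lower-level domains (useradd, passwd, rpcd) must search it`. The hunk shows only part of the syslogd rules, so the surrounding policy was not reviewed.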