Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0061-policy-modules-system-logging-make-syslogd_runtime_t.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0061-policy-modules-system-logging-make-syslogd_runtime_t.patch | 48 |
1 files changed, 48 insertions, 0 deletions
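--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0061-policy-modules-system-logging-make-syslogd_runtime_t.patch
@@ -0,0 +1,48 @@
+From f8a12b28b70689ab520e7ae94d306afe9dcbb556 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Sat, 18 Dec 2021 17:31:45 +0800
+Subject: [PATCH] policy/modules/system/logging: make syslogd_runtime_t MLS
+trusted.
+
+Make syslogd_runtime_t MLS trusted to allow all levels to read and write
+the object.
+
+Fixes:
+avc: denied { search } for pid=314 comm="useradd" name="journal"
+dev="tmpfs" ino=34 scontext=root:sysadm_r:useradd_t:s0-s15:c0.c1023
+tcontext=system_u:object_r:syslogd_runtime_t:s15:c0.c1023 tclass=dir
+permissive=0
+
+avc: denied { search } for pid=319 comm="passwd" name="journal"
+dev="tmpfs" ino=34 scontext=root:sysadm_r:passwd_t:s0-s15:c0.c1023
+tcontext=system_u:object_r:syslogd_runtime_t:s15:c0.c1023 tclass=dir
+permissive=0
+
+avc: denied { search } for pid=374 comm="rpc.statd" name="journal"
+dev="tmpfs" ino=9854 scontext=system_u:system_r:rpcd_t:s0-s15:c0.c1023
+tcontext=system_u:object_r:syslogd_var_run_t:s15:c0.c1023 tclass=dir
+permissive=0
+
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+policy/modules/system/logging.te | 2 ++
+1 file changed, 2 insertions(+)
+
+diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
+index f8d8b73f0..badf56f16 100644
+--- a/policy/modules/system/logging.te
++++ b/policy/modules/system/logging.te
+@@ -438,6 +438,8 @@ allow syslogd_t syslogd_runtime_t:file map;
+manage_files_pattern(syslogd_t, syslogd_runtime_t, syslogd_runtime_t)
+files_runtime_filetrans(syslogd_t, syslogd_runtime_t, file)
+
++mls_trusted_object(syslogd_runtime_t)
++
+kernel_read_crypto_sysctls(syslogd_t)
+kernel_read_system_state(syslogd_t)
+kernel_read_network_state(syslogd_t)
+--
+2.17.1
+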
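Review bot: `mls_trusted_object(syslogd_runtime_t)` (line 41 of the added patch) is broader than the denials it is meant to fix. All three quoted AVCs are `{ search }` on the `journal` directory (`tclass=dir`), yet the description itself says the macro lets all levels read and write the object. That would presumably also cover the s15 runtime files that `syslogd_t` manages under this type, leaving only type enforcement between a low-level domain and that data. I would confirm that no TE rule gives an untrusted domain read or write on `syslogd_runtime_t` files, and record the trade-off above the macro, e.g. `# MLS: domains at any level must search the journal runtime dir; this lifts MLS read/write checks for every syslogd_runtime_t object`. The third denial names `syslogd_var_run_t` rather than `syslogd_runtime_t`; it is presumably an alias, but worth confirming so the rule actually covers that case.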