CaROS/meta-selinux
3
0
Fork 0
mirror of git://git.yoctoproject.org/meta-selinux synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
87fb662ff1
meta-selinux/recipes-security/refpolicy/refpolicy/0031-policy-modules-system-logging-fix-auditd-startup-fai.patch
Yi Zhao 87fb662ff1 refpolicy: update to 20250213+git 
ChangeLog:
https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20250213

* Add tool for validating appconfig contexts files.
* Add netlink extended permissions definitions.
* Updates for Systemd up to v257.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
2025-03-07 14:34:46 -05:00

50 lines
1.9 KiB
Diff
Raw Blame History

From 59c29aa28424cf61f6b71a9022dced52d5b58c8f Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@windriver.com>
Date: Thu, 22 Aug 2013 13:37:23 +0800
Subject: [PATCH] policy/modules/system/logging: fix auditd startup failures
Fixes:
avc: denied { read } for pid=321 comm="auditd" name="log" dev="vda"
ino=12552 scontext=system_u:system_r:auditd_t
tcontext=system_u:object_r:var_log_t tclass=lnk_file permissive=0
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
policy/modules/system/logging.te | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 38e0b4766..a1912254e 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -117,6 +117,7 @@ allow auditctl_t self:netlink_audit_socket nlmsg_readpriv;
read_files_pattern(auditctl_t, auditd_etc_t, auditd_etc_t)
allow auditctl_t auditd_etc_t:dir list_dir_perms;
+allow auditctl_t var_log_t:lnk_file read_lnk_file_perms;
dontaudit auditctl_t auditd_etc_t:file map;
corecmd_search_bin(auditctl_t)
@@ -177,6 +178,7 @@ dontaudit auditd_t auditd_etc_t:file map;
manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
allow auditd_t auditd_log_t:dir setattr;
manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
+allow auditd_t var_log_t:lnk_file read_lnk_file_perms;
allow auditd_t var_log_t:dir search_dir_perms;
manage_files_pattern(auditd_t, auditd_runtime_t, auditd_runtime_t)
@@ -306,6 +308,7 @@ optional_policy(`
allow audisp_remote_t self:capability { setpcap setuid };
allow audisp_remote_t self:process { getcap setcap };
allow audisp_remote_t self:tcp_socket create_socket_perms;
+allow audisp_remote_t var_log_t:lnk_file read_lnk_file_perms;
allow audisp_remote_t var_log_t:dir search_dir_perms;
manage_dirs_pattern(audisp_remote_t, audit_spool_t, audit_spool_t)
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink