authorAntoine Tenart <antoine.tenart@bootlin.com>2020-08-13 11:08:43 +0200
committerJason Zaman <perfinion@gentoo.org>2020-10-11 14:00:05 -0700
commit3f53590de965cda81024db69cc574633de1693e0 (patch)
treef0eb396cdceb6eb00710228ca6489bb7b02f2e4d
parentlocallogin: allow login to get attributes of procfs (diff)
logging: allow systemd-journal to write messages to the audit socket
Fixes: avc: denied { nlmsg_write } for pid=46 comm="systemd-journal" scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t tclass=netlink_audit_socket permissive=1 avc: denied { nlmsg_write } for pid=46 comm="systemd-journal" scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t tclass=netlink_audit_socket permissive=1 Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r--policy/modules/system/logging.te2
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 396643073..820fc8d39 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -524,7 +524,7 @@ ifdef(`init_systemd',`
allow syslogd_t self:netlink_audit_socket connected_socket_perms;
allow syslogd_t self:capability2 audit_read;
allow syslogd_t self:capability { chown setgid setuid sys_ptrace };
- allow syslogd_t self:netlink_audit_socket { getattr getopt read setopt write };
+ allow syslogd_t self:netlink_audit_socket { getattr getopt read setopt write nlmsg_write };
# remove /run/log/journal when switching to permanent storage
allow syslogd_t var_log_t:dir rmdir;
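Review bot: The `nlmsg_write` added to the `allow syslogd_t self:netlink_audit_socket { ... }` line is broader than the commit title's "write messages" suggests. To my knowledge, on `netlink_audit_socket` this permission covers audit control requests (changing audit state and rules), while ordinary sends were already covered by `write`. The rule has no comment saying why journald needs it, so I would add one above it, for example `# systemd-journald switches kernel auditing on over the audit netlink socket, which is checked as nlmsg_write` (the reason is presumed from the denial and should be confirmed). The quoted denial was logged with `permissive=1`, so it is worth re-testing in enforcing mode and checking whether the domain also holds the audit-control capability, which is not granted in the visible lines. The enclosing `ifdef(`init_systemd'` block begins and ends outside this hunk.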