logging: allow systemd-journal to manage syslogd_runtime_t sock_file

Fixes: avc: denied { write } for pid=165 comm="systemd-journal" name="syslog" dev="tmpfs" ino=545 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:syslogd_runtime_t tclass=sock_file permissive=0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Kenton Groombridge <concord@gentoo.org>
author: Yi Zhao <yi.zhao@windriver.com> 2016-02-04 02:10:15 -0500
committer: Kenton Groombridge <concord@gentoo.org> 2022-11-02 10:07:21 -0400
commit: e80a5063c43f7a98c80513cb2b9078fec7fd48ed (patch)
tree: f338ed590f1ed06c5692f93dc2735f36a4d076a1
parent: glusterfs: add type for glusterd hooks (diff)
download: hardened-refpolicy-e80a5063.tar.gz
hardened-refpolicy-e80a5063.tar.bz2
hardened-refpolicy-e80a5063.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 0b05b433..69b7aa41 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -437,7 +437,7 @@ files_search_var_lib(syslogd_t)
 
 # manage runtime files
 allow syslogd_t syslogd_runtime_t:dir create_dir_perms;
-allow syslogd_t syslogd_runtime_t:sock_file { create setattr unlink };
+allow syslogd_t syslogd_runtime_t:sock_file manage_sock_file_perms;
 allow syslogd_t syslogd_runtime_t:file map;
 manage_files_pattern(syslogd_t, syslogd_runtime_t, syslogd_runtime_t)
 files_runtime_filetrans(syslogd_t, syslogd_runtime_t, file)
author	Yi Zhao <yi.zhao@windriver.com>	2016-02-04 02:10:15 -0500
committer	Kenton Groombridge <concord@gentoo.org>	2022-11-02 10:07:21 -0400
commit	e80a5063c43f7a98c80513cb2b9078fec7fd48ed (patch)
tree	f338ed590f1ed06c5692f93dc2735f36a4d076a1
parent	glusterfs: add type for glusterd hooks (diff)
download	hardened-refpolicy-e80a5063.tar.gz hardened-refpolicy-e80a5063.tar.bz2 hardened-refpolicy-e80a5063.zip