author | 2017-02-18 09:39:01 -0500 | |
---|---|---|
committer | 2017-02-21 14:52:46 +0800 | |
commit | 8a23415215dd0c7be0bf930e02410d9950fe647f (patch) | |
tree | 4b0490c4b2e6558110fa69c001417d3603a38541 /policy/modules/system/logging.te | |
parent | add admin_process_pattern macro (diff) | |
Little misc patches from Russell Coker.
Diffstat (limited to 'policy/modules/system/logging.te')
-rw-r--r-- | policy/modules/system/logging.te | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 94be02e56..10d2fc9f7 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,4 +1,4 @@
-policy_module(logging, 1.25.1)
+policy_module(logging, 1.25.2)
 ########################################
 #
@@ -124,8 +124,6 @@ term_use_all_terms(auditctl_t)
 init_dontaudit_use_fds(auditctl_t)
-locallogin_dontaudit_use_fds(auditctl_t)
-
 logging_set_audit_parameters(auditctl_t)
 logging_send_syslog_msg(auditctl_t)
@@ -133,6 +131,10 @@ ifdef(`init_systemd',`
 init_rw_stream_sockets(auditctl_t)
 ')
+optional_policy(`
+ locallogin_dontaudit_use_fds(auditctl_t)
+')
+
 ########################################
 #
 # Auditd local policy
@@ -373,8 +375,8 @@ optional_policy(`
 # sys_admin for the integrated klog of syslog-ng and metalog
 # sys_nice for rsyslog
 # cjp: why net_admin!
-allow syslogd_t self:capability { chown dac_override fsetid net_admin sys_admin sys_nice sys_resource sys_tty_config };
-dontaudit syslogd_t self:capability { sys_ptrace sys_tty_config };
+allow syslogd_t self:capability { chown dac_override fsetid net_admin setgid setuid sys_admin sys_nice sys_resource sys_tty_config };
+dontaudit syslogd_t self:capability { sys_ptrace };
 # setpgid for metalog
 # setrlimit for syslog-ng
 # getsched for syslog-ng
@@ -569,6 +571,8 @@ optional_policy(`
 optional_policy(`
 udev_read_db(syslogd_t)
+ # for systemd-journal to read seat data from /run/udev/data
+ udev_read_pid_files(syslogd_t)
 ')
 optional_policy(` |
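Review bot: The `setgid` and `setuid` capabilities added to the `allow syslogd_t self:capability` rule carry no rationale, while the comment block directly above records why other capabilities are granted (`sys_admin` for the integrated klog, `sys_nice` for rsyslog). These two let the syslog domain change its process identity, so anyone auditing the policy needs to know which daemon requires them. Presumably it is a daemon that drops privileges after start, but nothing in the hunk says so. I would add a line such as `# setgid setuid for <daemon> to drop privileges` to that comment block, which begins above the hunk. Dropping `sys_tty_config` from the `dontaudit` rule is consistent, since the same capability is already in the `allow` set.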
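Review bot: `udev_read_pid_files(syslogd_t)` is granted to every syslog daemon whenever the udev module is present, although the comment added with it says the access is only for systemd-journal. An earlier hunk header in this file shows systemd-only rules being gated with an `ifdef` on `init_systemd`. Wrapping the new `udev_read_pid_files(syslogd_t)` call in the same `ifdef` would keep non-systemd syslog daemons from reading /run/udev/data. Whether that `ifdef` can sit inside this `optional_policy` block or needs its own block should be checked against the rest of the file.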