authorChris PeBenito <pebenito@ieee.org>2017-02-18 09:39:01 -0500
committerJason Zaman <jason@perfinion.com>2017-02-21 14:52:46 +0800
commit8a23415215dd0c7be0bf930e02410d9950fe647f (patch)
tree4b0490c4b2e6558110fa69c001417d3603a38541 /policy/modules/system/logging.te
parentadd admin_process_pattern macro (diff)
Little misc patches from Russell Coker.
Diffstat (limited to 'policy/modules/system/logging.te')
-rw-r--r--policy/modules/system/logging.te14
1 files changed, 9 insertions, 5 deletions
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 94be02e56..10d2fc9f7 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,4 +1,4 @@
-policy_module(logging, 1.25.1)
+policy_module(logging, 1.25.2)
########################################
#
@@ -124,8 +124,6 @@ term_use_all_terms(auditctl_t)
init_dontaudit_use_fds(auditctl_t)
-locallogin_dontaudit_use_fds(auditctl_t)
-
logging_set_audit_parameters(auditctl_t)
logging_send_syslog_msg(auditctl_t)
@@ -133,6 +131,10 @@ ifdef(`init_systemd',`
init_rw_stream_sockets(auditctl_t)
')
+optional_policy(`
+ locallogin_dontaudit_use_fds(auditctl_t)
+')
+
########################################
#
# Auditd local policy
@@ -373,8 +375,8 @@ optional_policy(`
# sys_admin for the integrated klog of syslog-ng and metalog
# sys_nice for rsyslog
# cjp: why net_admin!
-allow syslogd_t self:capability { chown dac_override fsetid net_admin sys_admin sys_nice sys_resource sys_tty_config };
-dontaudit syslogd_t self:capability { sys_ptrace sys_tty_config };
+allow syslogd_t self:capability { chown dac_override fsetid net_admin setgid setuid sys_admin sys_nice sys_resource sys_tty_config };
+dontaudit syslogd_t self:capability { sys_ptrace };
# setpgid for metalog
# setrlimit for syslog-ng
# getsched for syslog-ng
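Review bot: The `setgid` and `setuid` capabilities added to the `allow syslogd_t self:capability` rule have no rationale comment, although the comment block around the rule records why the others are granted (sys_admin for klog, sys_nice for rsyslog). These two capabilities let the daemon change its own identity, so anyone auditing the domain later needs to know which syslog implementation requires them. Presumably this is for a daemon that drops privileges after start-up, but nothing in the hunk says so. I would add a line such as `# setuid, setgid for <daemon that drops privileges, to be confirmed>` beside the existing notes. The comment block starts above the hunk, so the full list of rationales is not visible here.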
@@ -569,6 +571,8 @@ optional_policy(`
optional_policy(`
udev_read_db(syslogd_t)
+ # for systemd-journal to read seat data from /run/udev/data
+ udev_read_pid_files(syslogd_t)
')
optional_policy(`
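Review bot: The new `udev_read_pid_files(syslogd_t)` is granted whenever the udev module is present, yet its comment says the access is only needed by systemd-journal. On non-systemd builds every syslog daemon in syslogd_t would get read access to udev's runtime files for no stated reason. Consider guarding the call with the same `init_systemd` ifdef that the auditctl_t section of this file already uses. The interface name also suggests it covers all udev pid files rather than just the seat data under /run/udev/data, so it is worth confirming that no narrower interface exists.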