RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow AIDE to sendto kernel datagram socket 

type=AVC msg=audit(1550799594.394:205): avc:  denied  { sendto } for  pid=7182 comm="aide" path="/dev/log" scontext=system_u:system_r:aide_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket permissive=1

Signed-off-by: Dave Sugar <dsugar@tresys.com>
This commit is contained in:
Sugar, David 2019-02-25 23:37:46 +00:00 committed by Chris PeBenito
parent c418d0e81d
commit 2f063edd88
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/admin/aide.te
View File

@ -35,6 +35,8 @@ logging_log_filetrans(aide_t, aide_log_t, file)
files_read_all_files(aide_t)
files_read_all_symlinks(aide_t)
kernel_dgram_send(aide_t)
logging_send_audit_msgs(aide_t)
logging_send_syslog_msg(aide_t)