From 69d88981bc4cf026acd7f2efe6142442c72d918a Mon Sep 17 00:00:00 2001 From: Laurent Bigonville Date: Fri, 4 Oct 2019 16:13:02 +0200 Subject: [PATCH] Allow geoclue to log in syslog ---- time->Thu Oct 3 17:16:40 2019 type=AVC msg=audit(1570115800.136:513): avc: denied { create } for pid=1384 comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1 ---- time->Thu Oct 3 17:16:40 2019 type=AVC msg=audit(1570115800.136:514): avc: denied { sendto } for pid=1384 comm="geoclue" path="/run/systemd/journal/socket" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tc lass=unix_dgram_socket permissive=1 type=AVC msg=audit(1570115800.136:514): avc: denied { write } for pid=1384 comm="geoclue" name="socket" dev="tmpfs" ino=1781 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:devlog_t:s0 tcla ss=sock_file permissive=1 type=AVC msg=audit(1570115800.136:514): avc: denied { search } for pid=1384 comm="geoclue" name="journal" dev="tmpfs" ino=1777 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:syslogd_runtim e_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1570115800.136:514): avc: denied { search } for pid=1384 comm="geoclue" name="systemd" dev="tmpfs" ino=11001 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:init_runtime_ t:s0 tclass=dir permissive=1 type=AVC msg=audit(1570115800.136:514): avc: denied { write } for pid=1384 comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1 ---- Signed-off-by: Laurent Bigonville --- policy/modules/services/geoclue.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/services/geoclue.te b/policy/modules/services/geoclue.te index c6e664088..a36bcb80d 100644 --- a/policy/modules/services/geoclue.te +++ b/policy/modules/services/geoclue.te @@ -30,6 +30,8 @@ dev_read_urand(geoclue_t) auth_use_nsswitch(geoclue_t) +logging_send_syslog_msg(geoclue_t) + miscfiles_read_generic_certs(geoclue_t) miscfiles_read_localization(geoclue_t)