From 7e3b26e76ceb9aedf1bd7285b78a6e6dc913b4f8 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <Christopher.PeBenito@microsoft.com>
Date: Wed, 1 Sep 2021 19:49:05 +0000
Subject: [PATCH] logging: Allow auditd to stat() dispatcher executables.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
---
 policy/modules/system/logging.if | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index c33c23079..341763730 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -306,7 +306,7 @@ interface(`logging_signal_dispatcher',`
 #
 interface(`logging_dispatcher_domain',`
 	gen_require(`
-		type audisp_t;
+		type audisp_t, auditd_t;
 		role system_r;
 	')
 
@@ -315,6 +315,8 @@ interface(`logging_dispatcher_domain',`
 
 	role system_r types $1;
 
+	allow auditd_t $2:file getattr;
+
 	domtrans_pattern(audisp_t, $2, $1)
 	allow audisp_t $1:process { sigkill sigstop signull signal };