RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

logging: various fixes for auditctl 

Allow auditctl to read /proc/filesystems and connect to systemd-userdb.

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2022-06-05 10:36:56 -04:00
parent 1b15d31a1d
commit 80cbe18d72
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/system/logging.te
View File

@ -121,6 +121,7 @@ files_read_etc_files(auditctl_t)
kernel_dontaudit_getattr_proc(auditctl_t)
kernel_read_kernel_sysctls(auditctl_t)
kernel_read_proc_symlinks(auditctl_t)
kernel_read_system_state(auditctl_t)
kernel_setsched(auditctl_t)
domain_read_all_domains_state(auditctl_t)
@ -139,6 +140,8 @@ miscfiles_read_localization(auditctl_t)
ifdef(`init_systemd',`
init_rw_stream_sockets(auditctl_t)
systemd_stream_connect_userdb(auditctl_t)
')
optional_policy(`