RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

logging: allow auditd to getattr on audisp-remote binary 

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2021-03-27 18:28:25 -04:00
parent b3c1dba144
commit a838a88717
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/system/logging.te
View File

@ -166,6 +166,10 @@ manage_files_pattern(auditd_t, auditd_runtime_t, auditd_runtime_t)
manage_sock_files_pattern(auditd_t, auditd_runtime_t, auditd_runtime_t)
files_runtime_filetrans(auditd_t, auditd_runtime_t, { file sock_file })
# Needs to be able to getattr on the audisp-remote binary to verify
# the plugin configuration.
allow auditd_t audisp_remote_exec_t:file getattr;
kernel_read_kernel_sysctls(auditd_t)
# Needs to be able to run dispatcher. see /etc/audit/auditd.conf
# Probably want a transition, and a new auditd_helper app