RepoMirrors/selinux-refpolicy
1
0
Fork 0
mirror of https://github.com/SELinuxProject/refpolicy synced 2025-02-24 08:26:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow systemd the audit_read capability

Browse Source 
At early boot, I get the following messages in dmesg:

audit: type=1400 audit(1452851002.184:3): avc:  denied  { audit_read } for  pid=1 comm="systemd" capability=37 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=1
systemd[1]: Listening on Journal Audit Socket.
This commit is contained in:
Laurent Bigonville 2016-01-15 11:42:25 +01:00
parent 24e6175132
commit c94097864a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/init.te
View File

@ -195,7 +195,7 @@ ifdef(`init_systemd',`
typeattribute init_t init_run_all_scripts_domain;
allow init_t self:process { getcap getsched setsched setpgid setfscreate setsockcreate setcap setrlimit };
allow init_t self:capability2 block_suspend;
allow init_t self:capability2 { audit_read block_suspend };
allow init_t self:netlink_kobject_uevent_socket create_socket_perms;
allow init_t self:netlink_route_socket create_netlink_socket_perms;
allow init_t self:netlink_selinux_socket create_socket_perms;