accountsd: Add watch perms
avc: denied { watch } for pid=7134 comm="gmain" path="/var/log" dev="zfs" ino=7092 scontext=system_u:system_r:accountsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=0 avc: denied { watch } for pid=7134 comm="gmain" path="/etc" dev="zfs" ino=1436 scontext=system_u:system_r:accountsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 Signed-off-by: Jason Zaman <jason@perfinion.com>
parent
1387160e0c
commit
deafc9df7a
|
@ -40,6 +40,7 @@ dev_read_sysfs(accountsd_t)
|
|||
|
||||
files_read_mnt_files(accountsd_t)
|
||||
files_read_usr_files(accountsd_t)
|
||||
files_watch_etc_dirs(accountsd_t)
|
||||
|
||||
fs_getattr_xattr_fs(accountsd_t)
|
||||
fs_list_inotifyfs(accountsd_t)
|
||||
|
@ -54,6 +55,7 @@ miscfiles_read_localization(accountsd_t)
|
|||
logging_list_logs(accountsd_t)
|
||||
logging_send_syslog_msg(accountsd_t)
|
||||
logging_set_loginuid(accountsd_t)
|
||||
logging_watch_generic_logs_dir(accountsd_t)
|
||||
|
||||
userdom_read_user_tmp_files(accountsd_t)
|
||||
userdom_read_user_home_content_files(accountsd_t)
|
||||
|
|
|
@ -1224,6 +1224,24 @@ interface(`logging_manage_generic_logs',`
|
|||
manage_files_pattern($1, var_log_t, var_log_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Watch generic log dirs.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`logging_watch_generic_logs_dir',`
|
||||
gen_require(`
|
||||
type var_log_t;
|
||||
')
|
||||
|
||||
allow $1 var_log_t:dir watch;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
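Review bot: The new interface is named `logging_watch_generic_logs_dir`, but its own summary reads "Watch generic log dirs." and the sibling interface called in the same commit, `files_watch_etc_dirs`, uses the plural `_dirs` suffix. Renaming it to something like `logging_watch_generic_log_dirs`, together with the call added in the accountsd policy, would keep the interface names consistent and easier to find when auditing which domains hold watch permissions. The rule itself, `allow $1 var_log_t:dir watch;`, grants only the permission and class shown in the quoted denial, which is the right scope. The summary could also state that only directories labelled var_log_t are covered, e.g. `## Watch generic log directories (var_log_t).`, so callers do not assume it extends to log directories with other types.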
|
||||
|
|