9686bf05a7
When ulogd is run by systemd on Debian, it logs messages to the journal, it used a PID file in /run/ulog/ulogd.pid, and logs packets to /var/log/ulog/syslogemu.log. This last ones triggers a dac_read_search capability check because the directory is configured as: drwxrwx---. ulog adm /var/log/ulog (root does not have an access to the directory without bypassing the DAC.) Add a comment describing how to avoid allowing dac_read_search to ulogd_t. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> |
||
---|---|---|
.. | ||
flask | ||
modules | ||
support | ||
constraints | ||
context_defaults | ||
global_booleans | ||
global_tunables | ||
mcs | ||
mls | ||
policy_capabilities | ||
users |