nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3a7e30c22d
selinux-refpolicy/policy
History
Nicolas Iooss 3a7e30c22d Allow journald to read the kernel ring buffer and to use /dev/kmsg 
audit.log shows that journald needs to read the kernel read buffer:

    avc:  denied  { syslog_read } for  pid=147 comm="systemd-journal" scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1

Moreover journald uses RW access to /dev/kmsg, according to its code:
http://cgit.freedesktop.org/systemd/systemd/tree/src/journal/journald-kmsg.c?id=v215#n394
2014-09-12 09:52:18 -04:00
..
flask Renamed db_type to db_datatype, to avoid confusion with SELinux "type" 2014-06-25 16:24:33 +04:00
modules Allow journald to read the kernel ring buffer and to use /dev/kmsg 2014-09-12 09:52:18 -04:00
support Add ioctl and lock to manage_lnk_file_perms 2014-08-26 08:08:41 -04:00
constraints Allow user and role changes on dynamic transitions with the same constraints as regular transitions. 2011-09-02 09:59:26 -04:00
context_defaults Fix error in default_user example. 2014-04-28 10:19:22 -04:00
global_booleans Move secure_mode_policyload into selinux module as that is the only place it is used. 2011-09-26 09:53:23 -04:00
global_tunables Rename allow_console tunable to console_login. 2011-01-14 11:44:42 -05:00
mcs Implement mcs_constrained_type 2012-11-28 16:12:25 -05:00
mls Add MLS constraints for x_pointer and x_keyboard. 2013-08-26 08:30:05 -04:00
policy_capabilities trunk: update policycaps comments for sock_file open perm. 2009-07-01 13:34:54 +00:00
users Apply direct_initrc to unconfined_r:unconfined_t 2014-01-16 15:27:18 -05:00