Allow journald to access to the state of all processes

When a process sends a syslog message to journald, journald records information such as command, executable, cgroup, etc.: http://cgit.freedesktop.org/systemd/systemd/tree/src/journal/journald-server.c?id=v215#n589 This needs domain_read_all_domains_state.
2014-09-07 23:28:15 +02:00 · 2014-09-07 23:28:15 +02:00 · 6a201e405b
commit 6a201e405b
parent 6ced8116bd
1 changed files with 2 additions and 0 deletions
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@ -443,6 +443,8 @@ dev_read_sysfs(syslogd_t)
 dev_rw_kmsg(syslogd_t)

 domain_use_interactive_fds(syslogd_t)
+# Allow access to /proc/ information for journald
+domain_read_all_domains_state(syslogd_t)

 files_read_etc_files(syslogd_t)
 files_read_usr_files(syslogd_t)