logging: Allow auditd to stat() dispatcher executables.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
This commit is contained in:
Chris PeBenito 2021-09-01 19:49:05 +00:00 committed by Chris PeBenito
parent e45d2fd1ef
commit 7e3b26e76c

View File

@ -306,7 +306,7 @@ interface(`logging_signal_dispatcher',`
#
interface(`logging_dispatcher_domain',`
gen_require(`
type audisp_t;
type audisp_t, auditd_t;
role system_r;
')
@ -315,6 +315,8 @@ interface(`logging_dispatcher_domain',`
role system_r types $1;
allow auditd_t $2:file getattr;
domtrans_pattern(audisp_t, $2, $1)
allow audisp_t $1:process { sigkill sigstop signull signal };