diff --git a/refpolicy/policy/modules/system/logging.fc b/refpolicy/policy/modules/system/logging.fc index aee238088..c7d57346a 100644 --- a/refpolicy/policy/modules/system/logging.fc +++ b/refpolicy/policy/modules/system/logging.fc @@ -16,7 +16,9 @@ ifdef(`distro_suse', ` ') /var/log(/.*)? context_template(system_u:object_r:var_log_t,s0) -/var/log/audit.log context_template(system_u:object_r:auditd_log_t,s0) +/var/log/audit.log -- context_template(system_u:object_r:auditd_log_t,s0) + +/var/log/audit(/.*)? context_template(system_u:object_r:auditd_log_t,s0) /var/run/klogd\.pid -- context_template(system_u:object_r:klogd_var_run_t,s0) /var/run/log -s context_template(system_u:object_r:devlog_t,s0) diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te index 269e7e7c2..72b4fe570 100644 --- a/refpolicy/policy/modules/system/logging.te +++ b/refpolicy/policy/modules/system/logging.te @@ -9,7 +9,7 @@ policy_module(logging,1.0) attribute logfile; type auditd_log_t; -logging_log_file(auditd_log_t) +files_type(auditd_log_t) type auditd_t; type auditd_exec_t; @@ -49,10 +49,12 @@ files_type(var_log_t) # Auditd local policy # -allow auditd_t self:capability { audit_write audit_control }; +allow auditd_t self:capability { audit_write audit_control sys_nice sys_resource }; dontaudit auditd_t self:capability sys_tty_config; +allow auditd_t self:process setsched; allow auditd_t self:netlink_audit_socket { bind create getattr nlmsg_read nlmsg_write read write }; +allow auditd_t auditd_log_t:dir rw_dir_perms; allow auditd_t auditd_log_t:file create_file_perms; allow auditd_t auditd_var_run_t:file create_file_perms;