logging: allow auditd to getattr on audisp-remote binary

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2021-03-27 18:28:25 -04:00
parent b3c1dba144
commit a838a88717

View File

@ -166,6 +166,10 @@ manage_files_pattern(auditd_t, auditd_runtime_t, auditd_runtime_t)
manage_sock_files_pattern(auditd_t, auditd_runtime_t, auditd_runtime_t)
files_runtime_filetrans(auditd_t, auditd_runtime_t, { file sock_file })
# Needs to be able to getattr on the audisp-remote binary to verify
# the plugin configuration.
allow auditd_t audisp_remote_exec_t:file getattr;
kernel_read_kernel_sysctls(auditd_t)
# Needs to be able to run dispatcher. see /etc/audit/auditd.conf
# Probably want a transition, and a new auditd_helper app