logging: allow auditd to getattr on audisp-remote binary
Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
parent
b3c1dba144
commit
a838a88717
@ -166,6 +166,10 @@ manage_files_pattern(auditd_t, auditd_runtime_t, auditd_runtime_t)
|
||||
manage_sock_files_pattern(auditd_t, auditd_runtime_t, auditd_runtime_t)
|
||||
files_runtime_filetrans(auditd_t, auditd_runtime_t, { file sock_file })
|
||||
|
||||
# Needs to be able to getattr on the audisp-remote binary to verify
|
||||
# the plugin configuration.
|
||||
allow auditd_t audisp_remote_exec_t:file getattr;
|
||||
|
||||
kernel_read_kernel_sysctls(auditd_t)
|
||||
# Needs to be able to run dispatcher. see /etc/audit/auditd.conf
|
||||
# Probably want a transition, and a new auditd_helper app
|
||||
|
Loading…
Reference in New Issue
Block a user