selinux-refpolicy/policy
Nicolas Iooss 4067a18530 Allow unconfined domains to use syslog capability
When an unconfined_t root user runs dmesg, the kernel complains with
this message in its logs (when SELinux is in enforcing mode):

  dmesg (16289): Attempt to access syslog with CAP_SYS_ADMIN but no
  CAP_SYSLOG (deprecated).

audit.log contains following AVC:

  avc:  denied  { syslog } for  pid=16289 comm="dmesg" capability=34
  scontext=unconfined_u:unconfined_r:unconfined_t
  tcontext=unconfined_u:unconfined_r:unconfined_t tclass=capability2
2014-06-09 09:28:33 -04:00
..
flask flask: add the attach_queue permission to the tun_socket object class 2013-01-22 12:46:06 -05:00
modules Allow unconfined domains to use syslog capability 2014-06-09 09:28:33 -04:00
support
constraints
context_defaults Fix error in default_user example. 2014-04-28 10:19:22 -04:00
global_booleans
global_tunables
mcs Implement mcs_constrained_type 2012-11-28 16:12:25 -05:00
mls Add MLS constraints for x_pointer and x_keyboard. 2013-08-26 08:30:05 -04:00
policy_capabilities
users Apply direct_initrc to unconfined_r:unconfined_t 2014-01-16 15:27:18 -05:00