
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/
Date: Sun, 10 Sep 2017 14:04:01
Message-Id: 1505050337.58da6a68ade7d4c28dfbc679d901af98573cf441.perfinion@gentoo
1 commit: 58da6a68ade7d4c28dfbc679d901af98573cf441
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Sun Sep 10 13:32:17 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Sep 10 13:32:17 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=58da6a68
7
8 logging: audit map config files and fcontext for /etc/audisp
9
10 policy/modules/system/logging.fc | 1 +
11 policy/modules/system/logging.te | 5 +++++
12 2 files changed, 6 insertions(+)
13
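--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
@@ -3,6 +3,7 @@
 /etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
 /etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
 /etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
+/etc/audisp(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
 /etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
 /etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
 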
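Review bot: The new `/etc/audisp(/.*)?` entry in logging.fc only labels files that are created or relabeled after the policy is loaded; on an existing system the audisp plugin configuration keeps whatever label it had before, so the audisp_t read and map rules added in logging.te will not apply to it until `restorecon -R /etc/audisp` (or a full relabel) is run, unless the package install already triggers that. It would be worth a line in the commit message telling deployers that a relabel of /etc/audisp is needed. The context chosen matches the neighbouring `/etc/audit(/.*)?` line (auditd_etc_t at mls_systemhigh), which keeps the plugin configuration under the same protection as the rest of the audit configuration, so that part looks consistent.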
27 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
28 index 6d09c8bd..de255723 100644
29 --- a/policy/modules/system/logging.te
30 +++ b/policy/modules/system/logging.te
31 @@ -105,6 +105,7 @@ allow auditctl_t self:netlink_audit_socket nlmsg_readpriv;
32
33 read_files_pattern(auditctl_t, auditd_etc_t, auditd_etc_t)
34 allow auditctl_t auditd_etc_t:dir list_dir_perms;
35 +allow auditctl_t auditd_etc_t:file map;
36
37 # Needed for adding watches
38 files_getattr_all_dirs(auditctl_t)
39 @@ -245,6 +246,10 @@ allow audisp_t self:unix_dgram_socket create_socket_perms;
40
41 allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
42
43 +read_files_pattern(audisp_t, auditd_etc_t, auditd_etc_t)
44 +allow audisp_t auditd_etc_t:dir list_dir_perms;
45 +allow audisp_t auditd_etc_t:file map;
46 +
47 manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
48 files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)