On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote:
> audit needs fsetid
>
> syslog needs to be able to create a tcp_socket for off machine logging.
parent
66cf194680
commit
5c45eaede1
@ -1,3 +1,5 @@
|
|||||||
|
- Patch for capability fix for auditd and networking fix for syslogd from
|
||||||
|
Dan Walsh.
|
||||||
- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
|
- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
|
||||||
- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
|
- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
|
||||||
- Patch to allow apmd to telinit from Dan Walsh.
|
- Patch to allow apmd to telinit from Dan Walsh.
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(logging,1.5.1)
|
policy_module(logging,1.5.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -104,7 +104,7 @@ ifdef(`targeted_policy',`
|
|||||||
# Auditd local policy
|
# Auditd local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
allow auditd_t self:capability { audit_write audit_control sys_nice sys_resource };
|
allow auditd_t self:capability { audit_write audit_control fsetid sys_nice sys_resource };
|
||||||
dontaudit auditd_t self:capability sys_tty_config;
|
dontaudit auditd_t self:capability sys_tty_config;
|
||||||
allow auditd_t self:process { signal_perms setpgid setsched };
|
allow auditd_t self:process { signal_perms setpgid setsched };
|
||||||
allow auditd_t self:file { getattr read write };
|
allow auditd_t self:file { getattr read write };
|
||||||
@ -271,6 +271,7 @@ allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
|
|||||||
allow syslogd_t self:unix_dgram_socket sendto;
|
allow syslogd_t self:unix_dgram_socket sendto;
|
||||||
allow syslogd_t self:fifo_file rw_file_perms;
|
allow syslogd_t self:fifo_file rw_file_perms;
|
||||||
allow syslogd_t self:udp_socket create_socket_perms;
|
allow syslogd_t self:udp_socket create_socket_perms;
|
||||||
|
allow syslogd_t self:tcp_socket create_stream_socket_perms;
|
||||||
|
|
||||||
# Create and bind to /dev/log or /var/run/log.
|
# Create and bind to /dev/log or /var/run/log.
|
||||||
allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
|
allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
|
||||||
@ -324,6 +325,7 @@ corenet_udp_bind_syslogd_port(syslogd_t)
|
|||||||
corenet_tcp_sendrecv_all_if(syslogd_t)
|
corenet_tcp_sendrecv_all_if(syslogd_t)
|
||||||
corenet_tcp_sendrecv_all_nodes(syslogd_t)
|
corenet_tcp_sendrecv_all_nodes(syslogd_t)
|
||||||
corenet_tcp_sendrecv_all_ports(syslogd_t)
|
corenet_tcp_sendrecv_all_ports(syslogd_t)
|
||||||
|
corenet_tcp_bind_all_nodes(syslogd_t)
|
||||||
corenet_tcp_bind_rsh_port(syslogd_t)
|
corenet_tcp_bind_rsh_port(syslogd_t)
|
||||||
corenet_tcp_connect_rsh_port(syslogd_t)
|
corenet_tcp_connect_rsh_port(syslogd_t)
|
||||||
|
|
||||||
|
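Review bot: The added `allow syslogd_t self:tcp_socket create_stream_socket_perms;` grants more than the commit message asks for. The stated need is creating a TCP socket for off-machine logging, but in refpolicy's permission sets `create_stream_socket_perms` is `create_socket_perms` plus `listen` and `accept`. Together with the new `corenet_tcp_bind_all_nodes(syslogd_t)` and the existing `corenet_tcp_bind_rsh_port(syslogd_t)`, this lets syslogd_t run a TCP listener, not just forward logs. If only outbound forwarding is intended, `allow syslogd_t self:tcp_socket create_socket_perms;` should be enough. If receiving remote logs over TCP is also intended, a comment above the rule such as `# TCP is used both to forward and to receive remote logs.` would record that. The `fsetid` addition for auditd_t would likewise benefit from a one-line comment saying which operation needs it, since neither the hunk nor the description explains it.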