On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote:

> audit needs fsetid
> 
> syslog needs to be able to create a tcp_socket for off machine logging.
Chris PeBenito 2007-02-23 20:19:29 +00:00
parent 66cf194680
commit 5c45eaede1
2 changed files with 6 additions and 2 deletions


@ -1,3 +1,5 @@
- Patch for capability fix for auditd and networking fix for syslogd from
Dan Walsh.
- Patch to remove redundant mls_trusted_object() call from Dan Walsh. - Patch to remove redundant mls_trusted_object() call from Dan Walsh.
- Patch for misc fixes to nis ypxfr policy from Dan Walsh. - Patch for misc fixes to nis ypxfr policy from Dan Walsh.
- Patch to allow apmd to telinit from Dan Walsh. - Patch to allow apmd to telinit from Dan Walsh.


@ -1,5 +1,5 @@
policy_module(logging,1.5.1) policy_module(logging,1.5.2)
######################################## ########################################
# #
@ -104,7 +104,7 @@ ifdef(`targeted_policy',`
# Auditd local policy # Auditd local policy
# #
allow auditd_t self:capability { audit_write audit_control sys_nice sys_resource }; allow auditd_t self:capability { audit_write audit_control fsetid sys_nice sys_resource };
dontaudit auditd_t self:capability sys_tty_config; dontaudit auditd_t self:capability sys_tty_config;
allow auditd_t self:process { signal_perms setpgid setsched }; allow auditd_t self:process { signal_perms setpgid setsched };
allow auditd_t self:file { getattr read write }; allow auditd_t self:file { getattr read write };
@ -271,6 +271,7 @@ allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
allow syslogd_t self:unix_dgram_socket sendto; allow syslogd_t self:unix_dgram_socket sendto;
allow syslogd_t self:fifo_file rw_file_perms; allow syslogd_t self:fifo_file rw_file_perms;
allow syslogd_t self:udp_socket create_socket_perms; allow syslogd_t self:udp_socket create_socket_perms;
allow syslogd_t self:tcp_socket create_stream_socket_perms;
# Create and bind to /dev/log or /var/run/log. # Create and bind to /dev/log or /var/run/log.
allow syslogd_t devlog_t:sock_file manage_sock_file_perms; allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
@ -324,6 +325,7 @@ corenet_udp_bind_syslogd_port(syslogd_t)
corenet_tcp_sendrecv_all_if(syslogd_t) corenet_tcp_sendrecv_all_if(syslogd_t)
corenet_tcp_sendrecv_all_nodes(syslogd_t) corenet_tcp_sendrecv_all_nodes(syslogd_t)
corenet_tcp_sendrecv_all_ports(syslogd_t) corenet_tcp_sendrecv_all_ports(syslogd_t)
corenet_tcp_bind_all_nodes(syslogd_t)
corenet_tcp_bind_rsh_port(syslogd_t) corenet_tcp_bind_rsh_port(syslogd_t)
corenet_tcp_connect_rsh_port(syslogd_t) corenet_tcp_connect_rsh_port(syslogd_t)
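Review bot: The two syslogd_t additions grant more than the stated purpose of creating a TCP socket for off-machine logging: `create_stream_socket_perms` on `self:tcp_socket` also carries `listen` and `accept`, and `corenet_tcp_bind_all_nodes(syslogd_t)` permits binding on every node type. If only outbound forwarding is meant, `allow syslogd_t self:tcp_socket create_socket_perms;` would be the narrower rule. If inbound reception is intended as well (the existing `corenet_tcp_bind_rsh_port` line suggests it may be), a comment above the socket rule such as `# TCP for remote logging: connect out and accept on the rsh port.` would record that for the next reader. In the auditd hunk, `fsetid` is added to `auditd_t self:capability` with no note on which operation needs it; if the denial turns out to be benign, `dontaudit auditd_t self:capability fsetid;` would keep the domain tighter than an allow.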