diff --git a/container-selinux.tgz b/container-selinux.tgz
index 16c13eb8..4430a42e 100644
Binary files a/container-selinux.tgz and b/container-selinux.tgz differ
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index c7e4f311..550765cf 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -41908,7 +41908,7 @@ index 4e94884..0690edf 100644
 + filetrans_pattern($1, syslogd_var_run_t, $2, $3, $4)
 +')
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 59b04c1..2be561d 100644
+index 59b04c1..d9eb312 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
 @@ -4,6 +4,29 @@ policy_module(logging, 1.20.1)
@@ -42359,7 +42359,7 @@ index 59b04c1..2be561d 100644
 ')
 
 optional_policy(`
-@@ -526,3 +669,26 @@ optional_policy(`
+@@ -526,3 +669,29 @@ optional_policy(`
 # log to the xconsole
 xserver_rw_console(syslogd_t)
 ')
@@ -42377,6 +42377,9 @@ index 59b04c1..2be561d 100644
 +allow syslog_client_type self:unix_dgram_socket create_socket_perms;
 +allow syslog_client_type self:unix_stream_socket create_socket_perms;
 +
++
++kernel_stream_connect(syslog_client_type)
++
 +# If syslog is down, the glibc syslog() function
 +# will write to the console.
 +term_write_console(syslog_client_type)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 217c523b..19632f9b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 238%{?dist}
+Release: 239%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -675,6 +675,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Feb 13 2017 Lukas Vrabec - 3.13.1-239
+- Allow syslog client to connect to kernel socket. BZ(1419946)
+
 * Thu Feb 09 2017 Lukas Vrabec - 3.13.1-238
 - Allow shiftfs to use xattr SELinux labels
 - Fix ssh_server_template by add sshd_t to require section.
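Review bot: The added `kernel_stream_connect(syslog_client_type)` in the third policy-rawhide-base.patch hunk (logging.te, between the self socket rules and `term_write_console`) has no comment, unlike the console rule directly below it. It is also granted to `syslog_client_type` as a whole, so it reaches every domain the rules in this block apply to rather than a single daemon. A line such as `# Allow syslog clients to connect to kernel_t stream sockets. BZ(1419946)` would record the intent, and the reason a syslog client meets a kernel-labelled socket should be added from the bug report, since the changelog entry does not state it. It would be worth confirming from the denials in that bug whether only a few domains need the access and could be granted it individually. The syslog_client_type rule block starts above the hunk, so the earlier rules are not visible here.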