* Mon Feb 13 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-239

- Allow syslog client to connect to kernel socket. BZ(1419946)
2017-02-13 10:17:47 +01:00 · 2017-02-13 10:17:47 +01:00 · 7c40aea259
commit 7c40aea259
parent 67dffb1bc1
3 changed files with 9 additions and 3 deletions
--- a/container-selinux.tgz
+++ b/container-selinux.tgz
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@ -41908,7 +41908,7 @@ index 4e94884..0690edf 100644
 +	filetrans_pattern($1, syslogd_var_run_t, $2, $3, $4)
 +')
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 59b04c1..2be561d 100644
+index 59b04c1..d9eb312 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
@@ -4,6 +4,29 @@ policy_module(logging, 1.20.1)
@ -42359,7 +42359,7 @@ index 59b04c1..2be561d 100644
 ')
 optional_policy(`
-@@ -526,3 +669,26 @@ optional_policy(`
+@@ -526,3 +669,29 @@ optional_policy(`
 	# log to the xconsole
 	xserver_rw_console(syslogd_t)
 ')
@ -42377,6 +42377,9 @@ index 59b04c1..2be561d 100644
 +allow syslog_client_type self:unix_dgram_socket create_socket_perms;
 +allow syslog_client_type self:unix_stream_socket create_socket_perms;
 +
 +
 +kernel_stream_connect(syslog_client_type)
 +
 +# If syslog is down, the glibc syslog() function
 +# will write to the console.
 +term_write_console(syslog_client_type)
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 238%{?dist}
+Release: 239%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -675,6 +675,9 @@ exit 0
 %endif
 %changelog
 * Mon Feb 13 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-239
 - Allow syslog client to connect to kernel socket. BZ(1419946)
 * Thu Feb 09 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-238
 - Allow shiftfs to use xattr SELinux labels
 - Fix ssh_server_template by add sshd_t to require section.