* Mon Feb 13 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-239

- Allow syslog client to connect to kernel socket. BZ(1419946)

policy-rawhide-base.patch

@@ -41908,7 +41908,7 @@ index 4e94884..0690edf 100644
 +	filetrans_pattern($1, syslogd_var_run_t, $2, $3, $4)
 +')
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 59b04c1..2be561d 100644
+index 59b04c1..d9eb312 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
 @@ -4,6 +4,29 @@ policy_module(logging, 1.20.1)
@@ -42359,7 +42359,7 @@ index 59b04c1..2be561d 100644
  ')
  
  optional_policy(`
-@@ -526,3 +669,26 @@ optional_policy(`
+@@ -526,3 +669,29 @@ optional_policy(`
  	# log to the xconsole
  	xserver_rw_console(syslogd_t)
  ')
@@ -42377,6 +42377,9 @@ index 59b04c1..2be561d 100644
 +allow syslog_client_type self:unix_dgram_socket create_socket_perms;
 +allow syslog_client_type self:unix_stream_socket create_socket_perms;
 +
++
++kernel_stream_connect(syslog_client_type)
++
 +# If syslog is down, the glibc syslog() function
 +# will write to the console.
 +term_write_console(syslog_client_type)

selinux-policy.spec

@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 238%{?dist}
+Release: 239%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -675,6 +675,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Feb 13 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-239
+- Allow syslog client to connect to kernel socket. BZ(1419946)
+
 * Thu Feb 09 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-238
 - Allow shiftfs to use xattr SELinux labels
 - Fix ssh_server_template by add sshd_t to require section.