rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

add in some rules from NSA CVS to make targeted policy work

Browse Source
This commit is contained in:
Chris PeBenito 2005-07-20 13:30:06 +00:00
parent 8c3f438f75
commit a28f6db576
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
refpolicy/policy/modules/system/logging.fc
View File

@ -16,7 +16,9 @@ ifdef(`distro_suse', `
')
/var/log(/.*)? context_template(system_u:object_r:var_log_t,s0)
/var/log/audit.log context_template(system_u:object_r:auditd_log_t,s0)
/var/log/audit.log -- context_template(system_u:object_r:auditd_log_t,s0)
/var/log/audit(/.*)? context_template(system_u:object_r:auditd_log_t,s0)
/var/run/klogd\.pid -- context_template(system_u:object_r:klogd_var_run_t,s0)
/var/run/log -s context_template(system_u:object_r:devlog_t,s0)

6
refpolicy/policy/modules/system/logging.te
View File

@ -9,7 +9,7 @@ policy_module(logging,1.0)
attribute logfile;
type auditd_log_t;
logging_log_file(auditd_log_t)
files_type(auditd_log_t)
type auditd_t;
type auditd_exec_t;
@ -49,10 +49,12 @@ files_type(var_log_t)
# Auditd local policy
#
allow auditd_t self:capability { audit_write audit_control };
allow auditd_t self:capability { audit_write audit_control sys_nice sys_resource };
dontaudit auditd_t self:capability sys_tty_config;
allow auditd_t self:process setsched;
allow auditd_t self:netlink_audit_socket { bind create getattr nlmsg_read nlmsg_write read write };
allow auditd_t auditd_log_t:dir rw_dir_perms;
allow auditd_t auditd_log_t:file create_file_perms;
allow auditd_t auditd_var_run_t:file create_file_perms;