From ef5e55c9fa628f3acc82cc030107b5b7cf201cdf Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 7 Jun 2005 14:16:14 +0000
Subject: [PATCH] move to logging
---
refpolicy/policy/modules/system/audit.te | 82 ------------------------
1 file changed, 82 deletions(-)
delete mode 100644 refpolicy/policy/modules/system/audit.te
diff --git a/refpolicy/policy/modules/system/audit.te b/refpolicy/policy/modules/system/audit.te
deleted file mode 100644
index d7201434..00000000
--- a/refpolicy/policy/modules/system/audit.te
+++ /dev/null
@@ -1,82 +0,0 @@
-
-policy_module(audit, 1.0)
-
-########################################
-#
-# Declarations
-#
-
-type auditd_log_t;
-logging_make_log_file(auditd_t,auditd_log_t)
-
-type auditd_t;
-type auditd_exec_t;
-init_make_daemon_domain(auditd_t,auditd_exec_t)
-
-type auditd_var_run_t;
-files_make_daemon_runtime_file(auditd_var_run_t)
-
-########################################
-#
-# Auditd local policy
-#
-
-allow auditd_t self:capability { audit_write audit_control };
-dontaudit auditd_t self:capability sys_tty_config;
-allow auditd_t self:netlink_audit_socket { bind create getattr nlmsg_read nlmsg_write read write };
-
-allow auditd_t auditd_log_t:file { create ioctl read getattr lock write setattr append link unlink rename };
-
-allow auditd_t auditd_var_run_t:file { getattr create read write append setattr unlink };
-files_create_daemon_runtime_data(auditd_t,auditd_var_run_t)
-
-kernel_read_kernel_sysctl(auditd_t)
-kernel_read_hardware_state(auditd_t)
-
-filesystem_get_all_filesystems_attributes(auditd_t)
-
-terminal_ignore_use_console(auditd_t)
-
-init_use_file_descriptors(auditd_t)
-init_script_use_pseudoterminal(auditd_t)
-
-domain_use_widely_inheritable_file_descriptors(auditd_t)
-
-files_read_general_system_config(auditd_t)
-
-logging_send_system_log_message(auditd_t)
-
-libraries_use_dynamic_loader(auditd_t)
-libraries_use_shared_libraries(auditd_t)
-
-miscfiles_read_localization(auditd_t)
-
-tunable_policy(`targeted_policy', `
- terminal_ignore_use_general_physical_terminal(auditd_t)
- terminal_ignore_use_general_pseudoterminal(auditd_t)
- files_ignore_read_rootfs_file(auditd_t)
-')
-
-optional_policy(`selinux.te',`
- selinux_newrole_sigchld(auditd_t)
-')
-
-optional_policy(`udev.te', `
- udev_read_database(auditd_t)
-')
-
-ifdef(`TODO',`
-allow auditd_t proc_t:dir r_dir_perms;
-allow auditd_t proc_t:lnk_file read;
-dontaudit auditd_t unpriv_userdomain:fd use;
-allow auditd_t autofs_t:dir { search getattr };
-dontaudit auditd_t sysadm_home_dir_t:dir search;
-optional_policy(`rhgb.te', `
-allow auditd_t rhgb_t:process sigchld;
-allow auditd_t rhgb_t:fd use;
-allow auditd_t rhgb_t:fifo_file { read write };
-')
-
-# cjp: this is questionable:
-allow auditd_t sysadm_tty_device_t:chr_file rw_file_perms;
-') dnl endif TODO