[selinux-policy: 1658/3172] On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote: > audit needs fsetid > > syslog needs to be
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:28:23 UTC 2010
commit 5c45eaede1bbbdc6e96e67d38aaca0ffeba413e6
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Feb 23 20:19:29 2007 +0000
On Tue, 2007-02-20 at 12:28 -0500, Daniel J Walsh wrote:
> audit needs fsetid
>
> syslog needs to be able to create a tcp_socket for off machine logging.
Changelog | 2 ++
policy/modules/system/logging.te | 6 ++++--
2 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/Changelog b/Changelog
index f6af041..94a2841 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Patch for capability fix for auditd and networking fix for syslogd from
+ Dan Walsh.
- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
- Patch to allow apmd to telinit from Dan Walsh.
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 74aeece..a7fb6a6 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
-policy_module(logging,1.5.1)
+policy_module(logging,1.5.2)
########################################
#
@@ -104,7 +104,7 @@ ifdef(`targeted_policy',`
# Auditd local policy
#
-allow auditd_t self:capability { audit_write audit_control sys_nice sys_resource };
+allow auditd_t self:capability { audit_write audit_control fsetid sys_nice sys_resource };
dontaudit auditd_t self:capability sys_tty_config;
allow auditd_t self:process { signal_perms setpgid setsched };
allow auditd_t self:file { getattr read write };
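Review bot: the fsetid added to the auditd_t capability set has no stated reason. The commit message says only "audit needs fsetid" and the rule carries no comment. fsetid is often requested as a side effect of writing to or changing the mode of a file rather than being functionally required, so please name the auditd operation that triggers it in a comment above the rule. If auditd works correctly without it, a dontaudit rule, as the following line uses for sys_tty_config, would keep the domain tighter.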
@@ -271,6 +271,7 @@ allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
allow syslogd_t self:unix_dgram_socket sendto;
allow syslogd_t self:fifo_file rw_file_perms;
allow syslogd_t self:udp_socket create_socket_perms;
+allow syslogd_t self:tcp_socket create_stream_socket_perms;
# Create and bind to /dev/log or /var/run/log.
allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
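Review bot: create_stream_socket_perms on the new tcp_socket rule grants listen and accept in addition to create and connect, which is more than the commit message's "create a tcp_socket for off machine logging" calls for. The udp_socket rule just above uses create_socket_perms. If syslogd only connects out to a remote collector, create_socket_perms would cover it. If it is also meant to receive logs over TCP, say so in the commit message or in a comment next to the rule.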
@@ -324,6 +325,7 @@ corenet_udp_bind_syslogd_port(syslogd_t)
corenet_tcp_sendrecv_all_if(syslogd_t)
corenet_tcp_sendrecv_all_nodes(syslogd_t)
corenet_tcp_sendrecv_all_ports(syslogd_t)
+corenet_tcp_bind_all_nodes(syslogd_t)
corenet_tcp_bind_rsh_port(syslogd_t)
corenet_tcp_connect_rsh_port(syslogd_t)
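Review bot: corenet_tcp_bind_all_nodes(syslogd_t) is only exercised when syslogd binds a TCP socket to a local address, which is the receiving side, while the commit message describes sending logs off the machine. Combined with the existing corenet_tcp_bind_rsh_port line, this lets syslogd bind TCP on every local address. Please add a comment stating that remote log reception over TCP is intended, or drop the line if only outbound connections are needed.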