Update rsyslog-audit SELinux policy with one more needed perm

This one was dontaudit. Grr. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2019-05-29 15:59:59 -07:00 · 2019-05-29 15:59:59 -07:00 · 1459a3fa5c
commit 1459a3fa5c
parent 4020cec510
2 changed files with 3 additions and 1 deletions
--- a/roles/base/files/selinux/rsyslog-audit.pp
+++ b/roles/base/files/selinux/rsyslog-audit.pp
--- a/roles/base/files/selinux/rsyslog-audit.te
+++ b/roles/base/files/selinux/rsyslog-audit.te
@ -1,8 +1,9 @@
-module rsyslog-audit 1.1;
+module rsyslog-audit 1.2;

 require {
 	type auditd_log_t;
 	type syslogd_t;
+	type var_t;
 	class file { getattr ioctl open read };
 	class dir { getattr open read search };
 }
@ -10,3 +11,4 @@ require {
 #============= syslogd_t ==============
 allow syslogd_t auditd_log_t:dir { getattr open read search };
 allow syslogd_t auditd_log_t:file { getattr ioctl open read };
+allow syslogd_t var_t:dir read;