Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Update rsyslog-audit SELinux policy with one more needed perm

Browse source 
This one was dontaudit. Grr.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson 2019-05-29 15:59:59 -07:00
parent 4020cec510
commit 1459a3fa5c
2 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
roles/base/files/selinux/rsyslog-audit.pp
View file

Binary file not shown.

4
roles/base/files/selinux/rsyslog-audit.te
View file

@ -1,8 +1,9 @@
module rsyslog-audit 1.1; module rsyslog-audit 1.2;
require { require {
type auditd_log_t; type auditd_log_t;
type syslogd_t; type syslogd_t;
type var_t;
class file { getattr ioctl open read }; class file { getattr ioctl open read };
class dir { getattr open read search }; class dir { getattr open read search };
} }
@ -10,3 +11,4 @@ require {
#============= syslogd_t ============== #============= syslogd_t ==============
allow syslogd_t auditd_log_t:dir { getattr open read search }; allow syslogd_t auditd_log_t:dir { getattr open read search };
allow syslogd_t auditd_log_t:file { getattr ioctl open read }; allow syslogd_t auditd_log_t:file { getattr ioctl open read };
allow syslogd_t var_t:dir read;