rsyslog-audit policy: also allow 'open'

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2019-05-29 10:21:10 -07:00 · 2019-05-29 10:21:10 -07:00 · f4156c3db7
commit f4156c3db7
parent ca0b1da17d
2 changed files with 2 additions and 2 deletions
--- a/roles/base/files/selinux/rsyslog-audit.pp
+++ b/roles/base/files/selinux/rsyslog-audit.pp
--- a/roles/base/files/selinux/rsyslog-audit.te
+++ b/roles/base/files/selinux/rsyslog-audit.te
@ -4,9 +4,9 @@ require {
 	type auditd_log_t;
 	type syslogd_t;
 	class file { getattr ioctl open read };
-	class dir { getattr read search };
+	class dir { getattr open read search };
 }

 #============= syslogd_t ==============
-allow syslogd_t auditd_log_t:dir { getattr read search };
+allow syslogd_t auditd_log_t:dir { getattr open read search };
 allow syslogd_t auditd_log_t:file { getattr ioctl open read };