commit:     c8b3daa87fb663a3b0908b79f5876e5d91ede429
Author:     cgzones <cgzones <AT> googlemail <DOT> com>
AuthorDate: Thu Jan  5 10:53:06 2017 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Jan 13 18:39:00 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c8b3daa8

auditd / auditctl: fix audits

 policy/modules/system/logging.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 90e8682..5443405 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -100,6 +100,7 @@ ifdef(`enable_mls',`
 #
 
 allow auditctl_t self:capability { fsetid dac_read_search dac_override };
+allow auditctl_t self:process getcap;
 allow auditctl_t self:netlink_audit_socket nlmsg_readpriv;
 
 read_files_pattern(auditctl_t, auditd_etc_t, auditd_etc_t)
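Review bot: The added `allow auditctl_t self:process getcap;` has no comment, and the commit message ("fix audits") does not name the denial it resolves, so a later reader cannot tell why auditctl needs the permission. I would put a line above it such as `# auditctl reads its own capability sets (capget)`, adjusted to the AVC that was actually seen; the `auditd_log_t:dir setattr` rule in the second hunk needs the same. The grant itself is narrow, since getcap only lets the domain query its own capability state. If the failing call turns out to be harmless to auditctl, a `dontaudit` would be the tighter choice, but that cannot be judged from this hunk.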
@@ -149,6 +150,7 @@ allow auditd_t auditd_etc_t:dir list_dir_perms;
 allow auditd_t auditd_etc_t:file read_file_perms;
 
 manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
+allow auditd_t auditd_log_t:dir setattr;
 manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
 allow auditd_t var_log_t:dir search_dir_perms;
 
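Review bot: The added `allow auditd_t auditd_log_t:dir setattr;` spells the permission out, while the neighbouring rules in this hunk use permission-set macros (`list_dir_perms`, `read_file_perms`, `search_dir_perms`). For consistency I would write `allow auditd_t auditd_log_t:dir setattr_dir_perms;`. The rule lets auditd change the mode and ownership of directories labelled auditd_log_t, presumably so the daemon can adjust its own log directory. That intent deserves a one-line comment, because anyone auditing log integrity will want to know that attribute changes on the audit log directory are expected from this domain and only this domain.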
