[refpolicy] [PATCH 25/34]: patch to allow the audit dispatcher to read the system state
Christopher J. PeBenito
cpebenito at tresys.com
Wed Mar 16 07:48:31 CDT 2011
On 02/16/11 01:29, Guido Trentalancia wrote:
> This patch allows the audit dispatcher to read the system
> state.
>
> diff -pruN -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-02022011/policy/modules/system/logging.te refpolicy-git-02022011-new/policy/modules/system/logging.te
> --- refpolicy-git-02022011/policy/modules/system/logging.te 2011-01-08 19:07:21.356759360 +0100
> +++ refpolicy-git-02022011-new/policy/modules/system/logging.te 2011-02-06 23:46:29.790317295 +0100
> @@ -226,6 +226,8 @@ allow audisp_t auditd_t:unix_stream_sock
> manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
> files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
>
> +kernel_read_system_state(audisp_t)
> +
> corecmd_exec_bin(audisp_t)
> corecmd_exec_shell(audisp_t)
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list