From 2eafd6c8cbc18aa52e320663ba6bf63f334c95d9 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Wed, 23 Nov 2022 09:20:51 +0100
Subject: [PATCH] Allow syslogd read network sysctls
Addresses the following AVC denial:
type=AVC msg=audit(1669156432.404:191): avc: denied { read } for pid=700 comm="rsyslogd" name="disable_ipv6" dev="proc" ino=19523 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=0
Resolves: rhbz#2145019
---
policy/modules/system/logging.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 4e00b7935a..d96d862f7c 100644
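--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -541,6 +541,7 @@ kernel_rw_stream_socket_perms(syslogd_t)
 kernel_read_system_state(syslogd_t)
 kernel_read_network_state(syslogd_t)
 kernel_read_kernel_sysctls(syslogd_t)
+kernel_read_net_sysctls(syslogd_t)
 kernel_read_netlink_audit_socket(syslogd_t)
 kernel_read_proc_symlinks(syslogd_t)
 # Allow access to /proc/kmsg for syslog-ng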
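Review bot: The added `kernel_read_net_sysctls(syslogd_t)` grants more than the single access quoted in the description: the AVC is one `read` on `disable_ipv6`, while this interface, as far as I know, gives read access to every file labelled `sysctl_net_t`. That is still the read-only variant and probably the narrowest existing interface, but the reason is not recorded next to the rule, so I would add a comment above it such as `# rsyslogd reads the disable_ipv6 sysctl (rhbz#2145019)`. The denial was logged with `permissive=0`, so only the first blocked access is visible; it is worth re-running rsyslogd with the rule loaded to confirm no follow-on denials appear. The syslogd_t rule list starts and ends outside this hunk.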