From: Laurent Bigonville
To: selinux-refpolicy@vger.kernel.org
Subject: [PATCH 02/10] Allow geoclue to log in syslog
Date: Fri, 11 Oct 2019 14:24:08 +0200
Message-Id: <20191011122416.14651-2-bigon@debian.org>
In-Reply-To: <20191011122416.14651-1-bigon@debian.org>
References: <20191011122416.14651-1-bigon@debian.org>

From: Laurent Bigonville

----
time->Thu Oct 3 17:16:40 2019
type=AVC msg=audit(1570115800.136:513): avc: denied { create } for pid=1384 comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1
----
time->Thu Oct 3 17:16:40 2019
type=AVC msg=audit(1570115800.136:514): avc: denied { sendto } for pid=1384 comm="geoclue" path="/run/systemd/journal/socket" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=unix_dgram_socket permissive=1
type=AVC msg=audit(1570115800.136:514): avc: denied { write } for pid=1384 comm="geoclue" name="socket" dev="tmpfs" ino=1781 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1570115800.136:514): avc: denied { search } for pid=1384 comm="geoclue" name="journal" dev="tmpfs" ino=1777 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:syslogd_runtime_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1570115800.136:514): avc: denied { search } for pid=1384 comm="geoclue" name="systemd" dev="tmpfs" ino=11001 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:init_runtime_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1570115800.136:514): avc: denied { write } for pid=1384 comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1
----

Signed-off-by: Laurent Bigonville
--- policy/modules/services/geoclue.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/services/geoclue.te b/policy/modules/services/geoclue.te index c6e66408..a36bcb80 100644 --- a/policy/modules/services/geoclue.te +++ b/policy/modules/services/geoclue.te @@ -30,6 +30,8 @@ dev_read_urand(geoclue_t) auth_use_nsswitch(geoclue_t) +logging_send_syslog_msg(geoclue_t) + miscfiles_read_generic_certs(geoclue_t) miscfiles_read_localization(geoclue_t) -- 2.23.0
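
Review bot: the added logging_send_syslog_msg(geoclue_t) line in the @@ -30,6 +30,8 @@ hunk is justified only by raw AVC records, all captured with permissive=1, and the commit message never states that the interface covers every denial it lists: the create and write on geoclue_t's own unix_dgram_socket, the sendto to syslogd_t, the write on the devlog_t sock_file, and the two directory searches on syslogd_runtime_t and init_runtime_t. Suggest re-running geoclue in enforcing mode with this change loaded and adding one sentence to the commit message saying that no denials remain, so a later reader does not have to map each AVC to the interface by hand. The placement between auth_use_nsswitch(geoclue_t) and the miscfiles_ calls keeps the block ordered by module name and needs no change.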