From: "Sugar, David"
To: "selinux-refpolicy@vger.kernel.org"
Subject: [PATCH] resolve syslog imuxsock denial
Date: Sun, 17 Nov 2019 04:48:46 +0000
Message-ID: <20191117044832.13428-1-dsugar@tresys.com>

I'm seeing the following error while starting rsyslog:

Nov 17 02:01:38 localhost rsyslogd: cannot create '/run/systemd/journal/syslog': Permission denied [v8.24.0-41.el7_7.2]
Nov 17 02:01:38 localhost rsyslogd: imuxsock does not run because we could not aquire any socket [v8.24.0-41.el7_7.2]
Nov 17 02:01:38 localhost rsyslogd: activation of module imuxsock failed [v8.24.0-41.el7_7.2]

With the following denials:

type=AVC msg=audit(1573958708.773:1896): avc: denied { create } for pid=2347 comm="rsyslogd" name="syslog" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:syslogd_runtime_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1573958708.773:1897): avc: denied { setattr } for pid=2347 comm="rsyslogd" name="syslog" dev="tmpfs" ino=19368 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:syslogd_runtime_t:s0 tclass=sock_file permissive=1

Signed-off-by: Dave Sugar
--- policy/modules/system/logging.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/logging.te b/policy/modules/system/loggi= ng.te index 3d5b57f1..42d77a24 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -432,6 +432,8 @@ allow syslogd_t syslogd_runtime_t:file map; files_pid_filetrans(syslogd_t, syslogd_runtime_t, file) allow syslogd_t syslogd_runtime_t:dir create_dir_perms; =20 +allow syslogd_t syslogd_runtime_t:sock_file { create setattr }; + kernel_read_crypto_sysctls(syslogd_t) kernel_read_system_state(syslogd_t) kernel_read_network_state(syslogd_t) --=20 2.21.0
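
Review bot: In the added allow rule for syslogd_runtime_t:sock_file, the raw list { create setattr } mirrors only the two quoted denials, and both carry the same audit timestamp (1573958708.773) from a single rsyslogd start with permissive=1, so nothing here shows what the socket needs on stop or restart. Please check whether stopping and restarting rsyslogd produces further sock_file denials (unlink would be the one to look for) and, if it does, grant a refpolicy permission set such as manage_sock_file_perms instead of growing the raw list; that would also match the neighbouring dir rule, which uses create_dir_perms. The tcontext in both denials is already syslogd_runtime_t, so the lack of a sock_file type transition looks fine, but a one-line comment naming /run/systemd/journal/syslog and imuxsock above the rule would record why it exists.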