diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-new/policy/modules/system/logging.te
--- refpolicy-git-18012011/policy/modules/system/logging.te 2011-01-08 19:07:21.356759360 +0100
+++ refpolicy-git-18012011-new/policy/modules/system/logging.te 2011-01-18 23:13:49.813854998 +0100
@@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
+allow audisp_t proc_t:file read_file_perms;
+
manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
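Review bot: The added rule `allow audisp_t proc_t:file read_file_perms;` names proc_t directly in logging.te, although that type is not declared by the logging module. Access to a type owned by another module should go through that module's interface, so replace the raw allow rule with `kernel_read_system_state(audisp_t)`. The patch also carries no description of which /proc file audisp needs to read; a one-line rationale, or the denial that prompted the change, would let a reviewer judge whether read access is the right scope.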
On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-new/policy/modules/system/logging.te
> --- refpolicy-git-18012011/policy/modules/system/logging.te 2011-01-08 19:07:21.356759360 +0100
> +++ refpolicy-git-18012011-new/policy/modules/system/logging.te 2011-01-18 23:13:49.813854998 +0100
> @@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
>
> allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
>
> +allow audisp_t proc_t:file read_file_perms;
usage of proc_t is not allowed here. use:
kernel_read_system_state(audisp_t)
> +
> manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
> files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
On Mon, 24/01/2011 at 14.49 +0100, Dominick Grift wrote:
> On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-new/policy/modules/system/logging.te
> > --- refpolicy-git-18012011/policy/modules/system/logging.te 2011-01-08 19:07:21.356759360 +0100
> > +++ refpolicy-git-18012011-new/policy/modules/system/logging.te 2011-01-18 23:13:49.813854998 +0100
> > @@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
> >
> > allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
> >
> > +allow audisp_t proc_t:file read_file_perms;
>
> usage of proc_t is not allowed here. use:
>
> kernel_read_system_state(audisp_t)
Ok, it will be changed accordingly. Wasn't aware of that restriction, is
it the style guidelines thing ? Of course, proc_t is not defined
there...
There were other comments to other pieces of the set. Will check the
rest later this evening or tomorrow as it requires a bit more time.
Thanks very much for your comments.
Regards,
Guido
On 01/24/2011 04:49 PM, Guido Trentalancia wrote:
> On Mon, 24/01/2011 at 14.49 +0100, Dominick Grift wrote:
>> On 01/24/2011 01:44 AM, Guido Trentalancia wrote:
>>> diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/system/logging.te refpolicy-git-18012011-new/policy/modules/system/logging.te
>>> --- refpolicy-git-18012011/policy/modules/system/logging.te 2011-01-08 19:07:21.356759360 +0100
>>> +++ refpolicy-git-18012011-new/policy/modules/system/logging.te 2011-01-18 23:13:49.813854998 +0100
>>> @@ -223,6 +223,8 @@ allow audisp_t self:unix_dgram_socket cr
>>>
>>> allow audisp_t auditd_t:unix_stream_socket rw_socket_perms;
>>>
>>> +allow audisp_t proc_t:file read_file_perms;
>>
>> usage of proc_t is not allowed here. use:
>>
>> kernel_read_system_state(audisp_t)
>
> Ok, it will be changed accordingly. Wasn't aware of that restriction, is
> it the style guidelines thing ? Of course, proc_t is not defined
> there...
I guess at least some unwritten rules, but it may or may not be mentioned
in the style guide.
But if you study refpolicy long enough you will probably see that pattern.
>
> There were other comments to other pieces of the set. Will check the
> rest later this evening or tomorrow as it requires a bit more time.
> Thanks very much for your comments.
>
> Regards,
>
> Guido
>