From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 24 Nov 2009 09:32:58 -0500
Subject: [refpolicy] system_logging.patch
In-Reply-To: <4AFC886C.7000208@redhat.com>
References: <4AFC886C.7000208@redhat.com>
Message-ID: <1259073178.27504.733.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
> Latest audit system handling.


> -/var/run/audit_events	-s	gen_context(system_u:object_r:auditd_var_run_t,s0)
> -/var/run/audispd_events	-s	gen_context(system_u:object_r:audisp_var_run_t,s0)
> -/var/run/auditd\.pid	--	gen_context(system_u:object_r:auditd_var_run_t,s0)
> -/var/run/auditd_sock	-s	gen_context(system_u:object_r:auditd_var_run_t,s0)
> +/var/run/audit_events	-s	gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> +/var/run/audispd_events	-s	gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
> +/var/run/auditd\.pid	--	gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
> +/var/run/auditd_sock	-s	gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>  /var/run/klogd\.pid	--	gen_context(system_u:object_r:klogd_var_run_t,s0)
>  /var/run/log		-s	gen_context(system_u:object_r:devlog_t,s0)
>  /var/run/metalog\.pid	--	gen_context(system_u:object_r:syslogd_var_run_t,s0)
>  /var/run/syslogd\.pid	--	gen_context(system_u:object_r:syslogd_var_run_t,s0)

Why do sockets need to be system high?

> +optional_policy(`
> +	dbus_system_bus_client(audisp_t)
> +
> +	optional_policy(`
> +		setroubleshoot_dbus_chat(audisp_t)
> +	')
> +')

Is audisp actually doing this, or is it a script it runs that is doing
this?  If its the latter, it needs its own policy.


-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150