From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 24 Nov 2009 10:56:33 -0500
Subject: [refpolicy] system_logging.patch
In-Reply-To: <1259073178.27504.733.camel@gorn.columbia.tresys.com>
References: <4AFC886C.7000208@redhat.com> <1259073178.27504.733.camel@gorn.columbia.tresys.com>
Message-ID: <4B0C0231.8060100@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/24/2009 09:32 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
>> Latest audit system handling.
>
>
>> -/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>> -/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,s0)
>> -/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
>> -/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>> +/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>> +/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
>> +/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>> +/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>> /var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
>> /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
>> /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>> /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>
> Why do sockets need to be system high?
>
>> +optional_policy(`
>> + dbus_system_bus_client(audisp_t)
>> +
>> + optional_policy(`
>> + setroubleshoot_dbus_chat(audisp_t)
>> + ')
>> +')
>
> Is audisp actually doing this, or is it a script it runs that is doing
> this? If it's the latter, it needs its own policy.
>

It is sedisp, so I guess it could have its own policy.
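Review bot: the file-contexts hunk raises four entries from s0 to mls_systemhigh, and one of them, `/var/run/auditd\.pid`, is a regular file (`--`) rather than a socket, so the "why system high?" question applies to it as much as to the three `-s` entries; neither the hunk nor the one-line description ("Latest audit system handling.") gives a rationale. Suggest the patch description state which process running at the MLS high level needs these objects labelled systemhigh and why s0 is insufficient, so the reason for each of the four level changes is on record before the change is merged.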
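Review bot: the nested optional_policy block grants audisp_t a system bus client role plus setroubleshoot chat without recording which component actually talks to D-Bus; since the follow-up says it is sedisp rather than audispd itself, these two rules belong in a dedicated domain for that dispatcher program (entered by a domain transition from audisp_t) and should be dropped from audisp_t here, so the dispatcher daemon keeps no D-Bus access of its own.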