From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 24 Nov 2009 10:57:48 -0500
Subject: [refpolicy] system_logging.patch
In-Reply-To: <4B0C0231.8060100@redhat.com>
References: <4AFC886C.7000208@redhat.com> <1259073178.27504.733.camel@gorn.columbia.tresys.com> <4B0C0231.8060100@redhat.com>
Message-ID: <4B0C027C.60607@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/24/2009 10:56 AM, Daniel J Walsh wrote:
> On 11/24/2009 09:32 AM, Christopher J. PeBenito wrote:
>> On Thu, 2009-11-12 at 17:13 -0500, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_logging.patch
>>> Latest audit system handling.
>>
>>
>>> -/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>>> -/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,s0)
>>> -/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
>>> -/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
>>> +/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>>> +/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
>>> +/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>>> +/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
>>> /var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
>>> /var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
>>> /var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>>> /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
>>
>> Why do sockets need to be system high?
>> So processes that listen on these sockets have to be system_high. They are providing system_high information.
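Review bot: the reasoning given for this hunk covers the three socket entries (`-s`), but the fourth changed line, `/var/run/auditd\.pid -- ... mls_systemhigh`, is a plain pid file that carries no audit data, and the other pid files in the same block (`klogd\.pid`, `metalog\.pid`, `syslogd\.pid`) stay at `s0`; unless auditd running at system high is expected to create it at that level regardless, leaving `auditd\.pid` at `s0` would be consistent with the rest of the file. Also worth stating in the commit text: these objects are created at runtime by the daemons, so this file_contexts change only affects what `restorecon`/`setfiles` apply afterwards, and the level the sockets actually get at creation comes from the creating process's range, which should be confirmed to match what the hunk declares.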
>>> +optional_policy(`
>>> + dbus_system_bus_client(audisp_t)
>>> +
>>> + optional_policy(`
>>> + setroubleshoot_dbus_chat(audisp_t)
>>> + ')
>>> +')
>>
>> Is audisp actually doing this, or is it a script it runs that is doing
>> this? If it's the latter, it needs its own policy.
>>
>>
> It is sedisp, so I guess it could have its own policy.
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
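Review bot: the nested `optional_policy` block grants `audisp_t` itself both `dbus_system_bus_client` and `setroubleshoot_dbus_chat`, but as the thread establishes, the D-Bus traffic comes from a dispatcher program that the audit dispatcher executes, not from audispd; giving that program its own domain, with a domain transition from `audisp_t` on its executable, would keep the audit dispatcher off the system bus and confine the D-Bus access to the one process that needs it. If the hunk is kept as written, a comment above `dbus_system_bus_client(audisp_t)` naming the plugin that needs the access would at least record why the dispatcher domain has it.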