From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 16 Mar 2011 08:48:31 -0400
Subject: [refpolicy] [PATCH 25/34]: patch to allow the audit dispatcher
 to read the system state
In-Reply-To: <1297837757.3205.91.camel@tesla.lan>
References: <1297837757.3205.91.camel@tesla.lan>
Message-ID: <4D80B19F.7010207@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/16/11 01:29, Guido Trentalancia wrote:
> This patch allows the audit dispatcher to read the system
> state.
> 
> diff -pruN -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-02022011/policy/modules/system/logging.te refpolicy-git-02022011-new/policy/modules/system/logging.te
> --- refpolicy-git-02022011/policy/modules/system/logging.te	2011-01-08 19:07:21.356759360 +0100
> +++ refpolicy-git-02022011-new/policy/modules/system/logging.te	2011-02-06 23:46:29.790317295 +0100
> @@ -226,6 +226,8 @@ allow audisp_t auditd_t:unix_stream_sock
>  manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
>  files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
>  
> +kernel_read_system_state(audisp_t)
> +
>  corecmd_exec_bin(audisp_t)
>  corecmd_exec_shell(audisp_t)

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com