From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 22 Aug 2011 12:52:38 -0400
Subject: [refpolicy] [PATCH 1/1] Make setfiles be able to send audit
	messages.
In-Reply-To: <1313975910-27826-1-git-send-email-rongqing.li@windriver.com>
References: <1313975910-27826-1-git-send-email-rongqing.li@windriver.com>
Message-ID: <4E528956.3020104@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/21/11 21:18, rongqing.li at windriver.com wrote:
> From: Roy.Li <rongqing.li@windriver.com>
> 
> When audit subsystem is enabled, and setfiles works from root
> dir, setfiles would send the AUDIT_FS_RELABEL information to
> audit system, If no permission to send the information to audit
> by netlink, setfiles would return error.
> 
> The test cases to reproduce this defect:
> 	=> restorecon -R /
> 	=> echo $?
> 	255
> 	=>
> 
> Signed-off-by: Roy.Li <rongqing.li@windriver.com>
> ---
>  policy/modules/system/selinuxutil.te |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
> index e252935..aa080e9 100644
> --- a/policy/modules/system/selinuxutil.te
> +++ b/policy/modules/system/selinuxutil.te
> @@ -557,6 +557,8 @@ init_use_script_fds(setfiles_t)
>  init_use_script_ptys(setfiles_t)
>  init_exec_script_files(setfiles_t)
>  
> +logging_send_audit_msgs(setfiles_t)
> +
>  logging_send_syslog_msg(setfiles_t)
>  
>  miscfiles_read_localization(setfiles_t)

Merged.


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com