From: pebenito@ieee.org (Chris PeBenito)
Date: Mon, 11 Sep 2017 20:19:23 -0400
Subject: [refpolicy] [PATCH 2/3] logging: Label /etc/audisp as auditd_etc_t
In-Reply-To: <20170911220239.1953-2-aranea@aixah.de>
References: <20170911220239.1953-1-aranea@aixah.de> <20170911220239.1953-2-aranea@aixah.de>
Message-ID: <4d10ffc3-741f-9195-c31b-083b19cfe6b4@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/11/2017 06:02 PM, Luis Ressel via refpolicy wrote:
> ---
> policy/modules/system/logging.fc | 1 +
> policy/modules/system/logging.te | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
> index 0d8a4173..5c166aa9 100644
> --- a/policy/modules/system/logging.fc
> +++ b/policy/modules/system/logging.fc
> @@ -3,6 +3,7 @@
> /etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
> /etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
> /etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
> +/etc/audisp(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
> /etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
> /etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
>
> diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> index 47280f44..bbb01137 100644
> --- a/policy/modules/system/logging.te
> +++ b/policy/modules/system/logging.te
> @@ -261,6 +261,7 @@ files_read_etc_runtime_files(audisp_t)
>
> mls_file_write_all_levels(audisp_t)
>
> +logging_read_audit_config(audisp_t)
> logging_send_syslog_msg(audisp_t)
>
> miscfiles_read_localization(audisp_t)

I'm not clear why this is needed. I don't think this config should be lumped in with auditd_etc_t, which includes audit rules (hence is system high). The configuration for the dispatcher is not sensitive, nor is it a security file like the audit rules are.

--
Chris PeBenito
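Review bot: in the logging.fc hunk, the new `/etc/audisp(/.*)?` entry copies both the type and the `mls_systemhigh` range of the `/etc/audit(/.*)?` line directly above it, yet the patch carries no commit message explaining why the dispatcher's configuration should share the label of the audit rules, which is the reason that existing line is system high. Suggest either stating the denial or requirement that motivated this in the commit message, or giving /etc/audisp a dedicated type at `s0`, in line with the `syslog_conf_t` entries at the top of the same hunk.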
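Review bot: in the logging.te hunk, `logging_read_audit_config(audisp_t)` grants audisp_t read access to everything of type `auditd_etc_t`, so combined with the .fc hunk it covers the audit rules under /etc/audit as well as the dispatcher's own files under /etc/audisp, which is broader than the subject line "Label /etc/audisp as auditd_etc_t" suggests. If the goal is only for the dispatcher to read /etc/audisp, labelling that directory with its own type and calling a matching read interface here would keep the grant to what audispd actually needs; either way the rationale belongs in the commit message, which is currently empty.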