From: pebenito@ieee.org (Chris PeBenito)
Date: Mon, 11 Sep 2017 20:19:23 -0400
Subject: [refpolicy] [PATCH 2/3] logging: Label /etc/audisp as
 auditd_etc_t
In-Reply-To: <20170911220239.1953-2-aranea@aixah.de>
References: <20170911220239.1953-1-aranea@aixah.de>
	<20170911220239.1953-2-aranea@aixah.de>
Message-ID: <4d10ffc3-741f-9195-c31b-083b19cfe6b4@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/11/2017 06:02 PM, Luis Ressel via refpolicy wrote:
> ---
>   policy/modules/system/logging.fc | 1 +
>   policy/modules/system/logging.te | 1 +
>   2 files changed, 2 insertions(+)
> 
> diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
> index 0d8a4173..5c166aa9 100644
> --- a/policy/modules/system/logging.fc
> +++ b/policy/modules/system/logging.fc
> @@ -3,6 +3,7 @@
>   /etc/rsyslog.conf		gen_context(system_u:object_r:syslog_conf_t,s0)
>   /etc/syslog.conf		gen_context(system_u:object_r:syslog_conf_t,s0)
>   /etc/audit(/.*)?		gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
> +/etc/audisp(/.*)?		gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
>   /etc/rc\.d/init\.d/auditd --	gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
>   /etc/rc\.d/init\.d/rsyslog --	gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
>   
> diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> index 47280f44..bbb01137 100644
> --- a/policy/modules/system/logging.te
> +++ b/policy/modules/system/logging.te
> @@ -261,6 +261,7 @@ files_read_etc_runtime_files(audisp_t)
>   
>   mls_file_write_all_levels(audisp_t)
>   
> +logging_read_audit_config(audisp_t)
>   logging_send_syslog_msg(audisp_t)
>   
>   miscfiles_read_localization(audisp_t)

I'm not clear why this is needed.  I don't think this config should be 
lumped in with auditd_etc_t, which includes audit rules (hence is system 
high).  The configuration for the dispatcher is not sensitive nor 
security files like audit rules are.

-- 
Chris PeBenito