[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/

Mon, 16 Dec 2019 09:49:32 -0800 

commit:     826d79e436b5411db1e63fb2b1fde34e31f541ad
Author:     Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Fri Oct  4 14:13:02 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Dec 16 13:13:11 2019 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=826d79e4

Allow geoclue to log in syslog

----
time->Thu Oct  3 17:16:40 2019
type=AVC msg=audit(1570115800.136:513): avc:  denied  { create } for  pid=1384 
comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 
tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1
----
time->Thu Oct  3 17:16:40 2019
type=AVC msg=audit(1570115800.136:514): avc:  denied  { sendto } for  pid=1384 
comm="geoclue" path="/run/systemd/journal/socket" 
scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:syslogd_t:s0 
tc
lass=unix_dgram_socket permissive=1
type=AVC msg=audit(1570115800.136:514): avc:  denied  { write } for  pid=1384 
comm="geoclue" name="socket" dev="tmpfs" ino=1781 
scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:devlog_t:s0 
tcla
ss=sock_file permissive=1
type=AVC msg=audit(1570115800.136:514): avc:  denied  { search } for  pid=1384 
comm="geoclue" name="journal" dev="tmpfs" ino=1777 
scontext=system_u:system_r:geoclue_t:s0 
tcontext=system_u:object_r:syslogd_runtim
e_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1570115800.136:514): avc:  denied  { search } for  pid=1384 
comm="geoclue" name="systemd" dev="tmpfs" ino=11001 
scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:init_runtime_
t:s0 tclass=dir permissive=1
type=AVC msg=audit(1570115800.136:514): avc:  denied  { write } for  pid=1384 
comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 
tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1
----

Signed-off-by: Laurent Bigonville <bigon <AT> bigon.be>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/services/geoclue.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/services/geoclue.te 
b/policy/modules/services/geoclue.te
index c6e66408..a36bcb80 100644
--- a/policy/modules/services/geoclue.te
+++ b/policy/modules/services/geoclue.te
@@ -30,6 +30,8 @@ dev_read_urand(geoclue_t)
 
 auth_use_nsswitch(geoclue_t)
 
+logging_send_syslog_msg(geoclue_t)
+
 miscfiles_read_generic_certs(geoclue_t)
 miscfiles_read_localization(geoclue_t)

Reply via email to