commit d188f00538e04e8767bde39594ec6df855b883f5
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:52:58 2019 +0200
Update rsyslog
roles/base/files/selinux/rsyslog-audit.pp | Bin 7609 -> 1366 bytes
roles/base/files/selinux/rsyslog-audit.te | 8 +++++---
2 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/roles/base/files/selinux/rsyslog-audit.pp
b/roles/base/files/selinux/rsyslog-audit.pp
index f1a417f..b6612bf 100644
Binary files a/roles/base/files/selinux/rsyslog-audit.pp and
b/roles/base/files/selinux/rsyslog-audit.pp differ
diff --git a/roles/base/files/selinux/rsyslog-audit.te
b/roles/base/files/selinux/rsyslog-audit.te
index a8bf497..daf535e 100644
--- a/roles/base/files/selinux/rsyslog-audit.te
+++ b/roles/base/files/selinux/rsyslog-audit.te
@@ -1,12 +1,14 @@
-module rsyslog-audit 1.0;
+module rsyslog-audit 1.2;
require {
type auditd_log_t;
type syslogd_t;
+ type var_t;
class file { getattr ioctl open read };
- class dir { getattr search };
+ class dir { getattr open read search };
}
#============= syslogd_t ==============
-allow syslogd_t auditd_log_t:dir { getattr search };
+allow syslogd_t auditd_log_t:dir { getattr open read search };
allow syslogd_t auditd_log_t:file { getattr ioctl open read };
+allow syslogd_t var_t:dir read;
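Review bot: The added rule `allow syslogd_t var_t:dir read;` is broader than the rest of the module, because `var_t` is the generic label for content under /var that has no more specific type, so rsyslog gains read on every such directory rather than on the audit log path alone. If the denial came from a directory that should carry a dedicated type, fixing its file context (`semanage fcontext` plus `restorecon`) would keep the module confined to `auditd_log_t`. If the rule stays, a comment naming the path and the denial would help, for example `# syslogd_t lists <directory labelled var_t> on the way to the audit log; see AVC <reference>`. The rule also grants `read` without `open`, unlike the `auditd_log_t:dir` line above it, which may leave a follow-up denial; that is inferred from the hunk alone and is worth checking against the audit log.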