Skip to content

Commit

Permalink
Label /var/run/auditd.state as auditd_var_run_t
Browse files Browse the repository at this point in the history 
/var/run/auditd.state is used by auditd to dump its internal state upon
user request. When created, it has correct type. However, when
relabeled, its type changes to var_run_t and auditd cannot access it
anymore.

Resolves: RHEL-14374
  • Loading branch information
@JurajMarcin @zpytela
JurajMarcin authored and zpytela committed Nov 10, 2023
1 parent 512469a commit ec8cdba
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions policy/modules/system/logging.fc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ ifdef(`distro_redhat',`
/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
/var/run/audispd_events -s gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
/var/run/auditd\.state -- gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
/var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
/var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
Expand Down

0 comments on commit ec8cdba

Please sign in to comment.