Lines 26-37
logging_log_file(ulogd_var_log_t)
|
26 |
# Local policy |
26 |
# Local policy |
27 |
# |
27 |
# |
28 |
|
28 |
|
29 |
allow ulogd_t self:capability { net_admin sys_nice }; |
29 |
allow ulogd_t self:capability { net_admin sys_nice dac_override setuid setgid}; |
30 |
allow ulogd_t self:process setsched; |
30 |
allow ulogd_t self:process setsched; |
31 |
allow ulogd_t self:netlink_nflog_socket create_socket_perms; |
31 |
allow ulogd_t self:netlink_nflog_socket create_socket_perms; |
32 |
allow ulogd_t self:netlink_socket create_socket_perms; |
32 |
allow ulogd_t self:netlink_socket create_socket_perms; |
33 |
allow ulogd_t self:tcp_socket create_stream_socket_perms; |
33 |
allow ulogd_t self:tcp_socket create_stream_socket_perms; |
34 |
|
34 |
|
|
|
35 |
#Allow /proc/sys/kernel/ngroups_max reading: |
36 |
kernel_read_kernel_sysctls(ulogd_t); |
37 |
#Allow operation on NFLOG objects: |
38 |
allow ulogd_t self:netlink_socket create_socket_perms; |
39 |
|
35 |
read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t) |
40 |
read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t) |
36 |
|
41 |
|
37 |
list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t) |
42 |
list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t) |
38 |
- |
|
|
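Review bot: The rule `allow ulogd_t self:netlink_socket create_socket_perms;` added under "#Allow operation on NFLOG objects:" (new line 38) is identical to the rule already at line 32, so it grants nothing new and whatever NFLOG denial it was meant to fix is still there. If the denial was on a different socket class (possibly `netlink_netfilter_socket`; confirm against the AVC record), the rule should name that class, otherwise the duplicate should be dropped. Separately, `dac_override` on line 29 lets the daemon bypass file ownership and mode checks on everything its type is allowed to touch. That is far broader than the `setuid setgid` needed to drop privileges. I would rather fix the ownership or mode of the path that triggered the denial, or at least record the reason next to the rule, e.g. `# dac_override: <path and reason from the AVC denial>`, so the grant can be audited later.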