bashlogger logs all bash to /dev/log. This is currently being denied and probably should not be.

Reproducible: Always

type=AVC msg=audit(1312230850.360:60): avc: denied { write } for pid=2096 comm="bash" name="log" dev=tmpfs ino=1643 scontext=root:staff_r:staff_t tcontext=system_u:object_r:devlog_t tclass=sock_file
type=SYSCALL msg=audit(1312230850.360:60): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=6e3bc307a120 a2=6e a3=0 items=0 ppid=2091 pid=2096 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="bash" exe="/bin/bash" subj=root:staff_r:staff_t key=(null)
Will be part of base policy r2.
in hardened-dev overlay
I'm going to pull this one again - upstream does not accept this rule. I'll keep the bug open since I want to explain to users how they can make small adjustments to the policy themselves in a more manageable way (rather than audit2allow everything and having a gazillion fix modules running).
So I don't forget... """ logging_send_syslog_msg(sysadm_t) """
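As an added illustration of the two approaches discussed in this bug (the AVC denial in the report, and the refpolicy interface noted above), here is a small Python script that is not part of the bug or of the Gentoo policy: it parses an AVC record, shows the raw allow rule audit2allow would produce, and instead emits a local policy module that uses the interface. The denial text is copied from the report; the INTERFACE_HINTS table, the module name and the helper names are assumptions made for this example.

```python
import re

# Constructed sample input: the AVC record from this bug report.
SAMPLE_AVC = (
    'type=AVC msg=audit(1312230850.360:60): avc: denied { write } for pid=2096 '
    'comm="bash" name="log" dev=tmpfs ino=1643 scontext=root:staff_r:staff_t '
    'tcontext=system_u:object_r:devlog_t tclass=sock_file'
)

# Assumption: a hand-maintained mapping from (target type, object class) to the
# refpolicy interface that grants that access. Only the interface named in this
# bug is listed; anything not found here falls back to a raw allow rule.
INTERFACE_HINTS = {
    ("devlog_t", "sock_file"): "logging_send_syslog_msg",
}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def parse_avc(line):
    """Return the denied permissions, source/target types and class, or None
    if the line is not an AVC denial (e.g. the matching type=SYSCALL record)."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # A context is user:role:type[:range]; the type is always the third field.
    return {
        "perms": m.group("perms").split(),
        "source_type": m.group("scontext").split(":")[2],
        "target_type": m.group("tcontext").split(":")[2],
        "tclass": m.group("tclass"),
    }


def raw_allow_rule(d):
    """The audit2allow-style rule: exact, but bypasses the refpolicy interfaces."""
    return "allow %s %s:%s { %s };" % (
        d["source_type"], d["target_type"], d["tclass"], " ".join(d["perms"]))


def interface_call(d):
    """The preferred form: call the interface that owns the target type."""
    iface = INTERFACE_HINTS.get((d["target_type"], d["tclass"]))
    if iface is None:
        return None
    return "%s(%s)" % (iface, d["source_type"])


def local_module(name, lines):
    """Build the text of a small local .te module from raw audit lines.
    Interface calls are used where known; otherwise a raw rule is emitted
    with a comment so the reviewer can see what still needs an interface."""
    denials = [d for d in (parse_avc(l) for l in lines) if d]
    # gen_require must declare every domain type we pass to an interface or rule.
    domains = sorted({d["source_type"] for d in denials})
    body = []
    seen = set()
    for d in denials:
        rule = interface_call(d) or ("# TODO: no interface known, raw rule\n" + raw_allow_rule(d))
        if rule not in seen:
            seen.add(rule)
            body.append(rule)
    return (
        "policy_module(%s, 1.0)\n\n" % name
        + "gen_require(`\n" + "".join("\ttype %s;\n" % t for t in domains) + "')\n\n"
        + "\n".join(body) + "\n"
    )


if __name__ == "__main__":
    print(local_module("localbashlog", [SAMPLE_AVC]))
```

The generated file is an ordinary refpolicy module source; building and loading it (with the policy Makefile or checkmodule/semodule, which this bug does not describe) is the step the linked FAQ covers. Note that the denial on this page is from staff_t while the reminder above names sysadm_t; the script derives the domain from whatever denial it is given.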
Documentation is now available: http://www.gentoo.org/proj/en/hardened/selinux-faq.xml#localpolicy