From 569b406914cb6fefe78e52febf7436394a353ddf771f5c1eb9dc39599089b40b Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Thu, 30 Sep 2021 06:48:59 +0000 Subject: [PATCH] Accepting request 922219 from home:ematsumiya:branches:security:SELinux - Fix auditd service start with systemd hardening directives (boo#1190918) * add fix_auditd.patch OBS-URL: https://build.opensuse.org/request/show/922219 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=120 --- fix_auditd.patch | 10 ++++++++++ selinux-policy.changes | 6 ++++++ selinux-policy.spec | 1 + 3 files changed, 17 insertions(+) create mode 100644 fix_auditd.patch diff --git a/fix_auditd.patch b/fix_auditd.patch new file mode 100644 index 0000000..59e2004 --- /dev/null +++ b/fix_auditd.patch @@ -0,0 +1,10 @@ +--- a/policy/modules/system/logging.if ++++ b/policy/modules/system/logging.if +@@ -430,6 +430,7 @@ interface(`logging_manage_audit_config', + + files_search_etc($1) + manage_files_pattern($1, auditd_etc_t, auditd_etc_t) ++ allow $1 auditd_etc_t:dir mounton; + ') + + ######################################## diff --git a/selinux-policy.changes b/selinux-policy.changes index 7f72bd1..d51807e 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Sep 28 12:44:22 UTC 2021 - Enzo Matsumiya + +- Fix auditd service start with systemd hardening directives (boo#1190918) + * add fix_auditd.patch + ------------------------------------------------------------------- Thu Sep 2 08:45:24 UTC 2021 - Johannes Segitz diff --git a/selinux-policy.spec b/selinux-policy.spec index 22171f3..fd3ad19 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -136,6 +136,7 @@ Patch052: fix_cockpit.patch Patch053: fix_systemd_watch.patch # kernel specific sysctl.conf (boo#1184804) Patch054: fix_kernel_sysctl.patch +Patch055: fix_auditd.patch Patch100: sedoctool.patch