From ae689b83ecbf1c1664eaecee9e429594b9c320ca704cbddb1a784652919c0686 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 1 Oct 2021 20:28:54 +0000 Subject: [PATCH] Accepting request 922280 from security:SELinux OBS-URL: https://build.opensuse.org/request/show/922280 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy?expand=0&rev=18 --- fix_auditd.patch | 10 ++++++++++ selinux-policy.changes | 6 ++++++ selinux-policy.spec | 1 + 3 files changed, 17 insertions(+) create mode 100644 fix_auditd.patch diff --git a/fix_auditd.patch b/fix_auditd.patch new file mode 100644 index 0000000..59e2004 --- /dev/null +++ b/fix_auditd.patch @@ -0,0 +1,10 @@ +--- a/policy/modules/system/logging.if ++++ b/policy/modules/system/logging.if +@@ -430,6 +430,7 @@ interface(`logging_manage_audit_config', + + files_search_etc($1) + manage_files_pattern($1, auditd_etc_t, auditd_etc_t) ++ allow $1 auditd_etc_t:dir mounton; + ') + + ######################################## diff --git a/selinux-policy.changes b/selinux-policy.changes index 7f72bd1..d51807e 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Sep 28 12:44:22 UTC 2021 - Enzo Matsumiya + +- Fix auditd service start with systemd hardening directives (boo#1190918) + * add fix_auditd.patch + ------------------------------------------------------------------- Thu Sep 2 08:45:24 UTC 2021 - Johannes Segitz diff --git a/selinux-policy.spec b/selinux-policy.spec index 22171f3..fd3ad19 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -136,6 +136,7 @@ Patch052: fix_cockpit.patch Patch053: fix_systemd_watch.patch # kernel specific sysctl.conf (boo#1184804) Patch054: fix_kernel_sysctl.patch +Patch055: fix_auditd.patch Patch100: sedoctool.patch