On 4/13/19 1:35 AM, Russell Coker wrote:
> On Friday, 12 April 2019 9:54:46 PM AEST Chris PeBenito wrote:
>> On 4/9/19 9:39 PM, Russell Coker wrote:
>>> Why is a socket that everything sends to labeled as kernel_t?
>>>
>>
>> Russell, you aren't seeing this type of access on Debian?
>
>
> ifdef(`init_systemd',`
>         init_domain($1, $2)
>         # this may be because of late labelling
>         kernel_dgram_send($1)
>
>         allow $1 init_t:unix_dgram_socket sendto;
> ')
>
> The above is in the upstream policy in the init_daemon_domain() interface.
> Not sure why.
>
> I've put in an auditallow rule and so far haven't been able to reproduce it.
> So we can probably remove that line.
>

Upstream RHEL is setting up the attribute 'syslog_client_type', has
'typeattribute $1 syslog_client_type' in logging_send_syslog_msg () and then

ifdef(`hide_broken_symptoms',`
        kernel_dgram_send(syslog_client_type)
')

in logging.te

When not allowing this access I get a RHEL system that will not boot. I'm
happy to put this in an 'ifdef distro_redhat'. Please let me know the
preference on how to proceed.
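
One way to check whether anything still exercises the kernel_t sendto rule discussed above before removing it: tally AVC records (the `granted` ones an auditallow rule produces, plus any denials) for `sendto` on `kernel_t:unix_dgram_socket`, grouped by source domain. This is an added example, not code from the thread or from the policy itself; the log lines, the `exampled_t`/`otherd_t` types and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample audit records (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1555100000.101:201): avc:  granted  { sendto } for  pid=612 comm="exampled" path="/dev/log" scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1555100001.250:202): avc:  denied  { sendto } for  pid=733 comm="otherd" path="/dev/log" scontext=system_u:system_r:otherd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket permissive=0
type=AVC msg=audit(1555100002.007:203): avc:  granted  { sendto } for  pid=612 comm="exampled" path="/dev/log" scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1555100003.300:204): avc:  denied  { read } for  pid=900 comm="cat" name="shadow" scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+(?P<result>granted|denied)\s+\{(?P<perms>[^}]*)\}"
    r".*?\bcomm=\"(?P<comm>[^\"]*)\""
    r".*?\bscontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def type_of(context):
    # An SELinux context is user:role:type[:level]; the type is the third field.
    return context.split(":")[2]


def kernel_dgram_senders(log_text, target_type="kernel_t"):
    """Count (result, source type, comm) for sendto on <target_type>:unix_dgram_socket."""
    hits = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC record
        if m["tclass"] != "unix_dgram_socket" or "sendto" not in m["perms"].split():
            continue  # different class or permission
        if type_of(m["tcon"]) != target_type:
            continue  # socket carries some other label, e.g. init_t
        hits[(m["result"], type_of(m["scon"]), m["comm"])] += 1
    return hits


if __name__ == "__main__":
    for (result, domain, comm), n in sorted(kernel_dgram_senders(SAMPLE_LOG).items()):
        print(f"{result:8} {domain:20} comm={comm} count={n}")
```

An empty result over a full boot and normal workload supports removing the rule; any `granted` or `denied` entry names the domain that still depends on it.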