write_klog also requires write permission to the directory.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-07-30 09:19:00 -04:00 · 2013-07-30 09:19:00 -04:00 · a473e29de0
commit a473e29de0
parent 79e084fcc9
1 changed files with 1 additions and 1 deletions
--- a/2
+++ b/2
@ -303,7 +303,7 @@ allow $1 kernel:system syslog_read;
 define(`write_klog', `
 type_transition $1 device:chr_file klog_device "__kmsg__";
 allow $1 klog_device:chr_file { create open write unlink };
-allow $1 device:dir { add_name remove_name };
+allow $1 device:dir { write add_name remove_name };
 ')

 #####################################