Red Hat Bugzilla – Bug 1309429
[RFE] Create boolean to drop CAP_AUDIT_READ from journald
Last modified: 2017-02-25 20:37:22 EST
Description of problem:
We need to be able to separate the roles of auditadm and system admin. One place where the roles mix is in the journal because it reads from the audit multicast netlink socket. The default value should be to continue allowing reading from the socket. I would also suggest doing the denial with a dont audit rule so that a normally functioning system doesn't get spurious AVCs.
openssh-7.2p2-11.fc24 selinux-policy-3.13.1-191.8.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-99191c4aab
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
selinux-policy-3.13.1-225.10.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-31d4ea5eb1
selinux-policy-3.13.1-225.10.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.