author | Aaron Conole <aconole@redhat.com> | 2017-09-01 13:17:38 -0400 |
---|---|---|
committer | Ansis Atteka <aatteka@ovn.org> | 2017-09-01 12:37:25 -0700 |
commit | d5f851e66e03cf7eb194a448e9f27029303f1b3e (patch) | |
tree | b85faea36a77de8c4f127bbcb9f6d84e4a33778c /selinux/openvswitch-custom.te.in | |
parent | 84d2723305064e25402cb89a16bf7ad1aa2cda70 (diff) | |
download | openvswitch-d5f851e66e03cf7eb194a448e9f27029303f1b3e.tar.gz |
selinux: move chr_file to non-dpdk as well
A last-minute change to the selinux policy caught by testing
incorrectly omitted moving a definition from non-dpdk to dpdk.
This moves the chr_file definition to a non-dpdk enabled permission,
which should allow non-dpdk enabled builds to work.
Fixes: 84d272330506 ("selinux: update policy to reflect non-root and dpdk support")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
Diffstat (limited to 'selinux/openvswitch-custom.te.in')
-rw-r--r-- | selinux/openvswitch-custom.te.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in index 853de1618..c1a774f0e 100644 --- a/selinux/openvswitch-custom.te.in +++ b/selinux/openvswitch-custom.te.in @@ -18,6 +18,7 @@ require { @end_dpdk@ class capability { dac_override audit_write }; + class chr_file { write getattr read open ioctl }; class dir { write remove_name add_name lock read }; class file { write getattr read open execute execute_no_trans create unlink }; class netlink_audit_socket { create nlmsg_relay audit_write read write }; @@ -25,7 +26,6 @@ require { class unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom }; @begin_dpdk@ - class chr_file { write getattr read open ioctl }; class tun_socket { relabelfrom relabelto create }; @end_dpdk@ } |
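Review bot: In the first hunk (@@ -18,6 +18,7 @@), the new `class chr_file { write getattr read open ioctl };` line is declared unconditionally, but the diff only touches the require block, so nothing visible here shows which rule needs chr_file when dpdk is disabled. A require entry only declares the class and permissions the module expects and grants no access by itself, so the effective change depends on allow rules outside this diff. Please name the rule or device type that failed in the non-dpdk build in the commit message, and consider building the module with and without the @begin_dpdk@ sections enabled as part of the test run so a declaration missing from one variant is caught at build time.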
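Review bot: The direction stated in the commit message does not match the second hunk (@@ -25,7 +26,6 @@), which removes `class chr_file { write getattr read open ioctl };` from between @begin_dpdk@ and @end_dpdk@, while the first hunk adds it after the earlier @end_dpdk@. The message describes the omitted move as "from non-dpdk to dpdk", but the definition is leaving the dpdk-only section, which is what the subject line says. Suggest rewording that sentence so the history reads consistently. The dpdk-only section is left with `class tun_socket { relabelfrom relabelto create };` alone, which looks intentional.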