selinux: more changes to support newer hugetlbfs restrictions

The new 'map' action is needed for 'hugetlbfs_t:file' too. CC: Aaron Conole <aconole@redhat.com> Fixes: d2675a146130 ("selinux: changes to support newer hugetlbfs restrictions") Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com>
author: Timothy Redaelli <tredaelli@redhat.com> 2018-07-31 19:18:44 +0200
committer: Ben Pfaff <blp@ovn.org> 2018-07-31 13:35:08 -0700
commit: 7539bfafac64b99ac3ffed1c40a95b9e8b38cee0 (patch)
tree: 53520e6df038ccdc67e521387f6ae77b760717f0 /selinux
parent: ae6f7530bff39c62d3b7d1baab93623d8f5f3db1 (diff)
download: openvswitch-7539bfafac64b99ac3ffed1c40a95b9e8b38cee0.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
index 21de1136d..4a16e5eef 100644
--- a/selinux/openvswitch-custom.te.in
+++ b/selinux/openvswitch-custom.te.in
@@ -90,7 +90,7 @@ allow openvswitch_t tun_tap_device_t:chr_file { read write getattr open ioctl };
 
 @begin_dpdk@
 allow openvswitch_t hugetlbfs_t:dir { write remove_name add_name lock read };
-allow openvswitch_t hugetlbfs_t:file { create unlink };
+allow openvswitch_t hugetlbfs_t:file { create unlink map };
 allow openvswitch_t kernel_t:unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom };
 allow openvswitch_t self:tun_socket { relabelfrom relabelto create };
 allow openvswitch_t svirt_image_t:file { getattr read write };
author	Timothy Redaelli <tredaelli@redhat.com>	2018-07-31 19:18:44 +0200
committer	Ben Pfaff <blp@ovn.org>	2018-07-31 13:35:08 -0700
commit	7539bfafac64b99ac3ffed1c40a95b9e8b38cee0 (patch)
tree	53520e6df038ccdc67e521387f6ae77b760717f0 /selinux
parent	ae6f7530bff39c62d3b7d1baab93623d8f5f3db1 (diff)
download	openvswitch-7539bfafac64b99ac3ffed1c40a95b9e8b38cee0.tar.gz