From d5f851e66e03cf7eb194a448e9f27029303f1b3e Mon Sep 17 00:00:00 2001
From: Aaron Conole
Date: Fri, 1 Sep 2017 13:17:38 -0400
Subject: selinux: move chr_file to non-dpdk as well

A last-minute change to the selinux policy caught by testing incorrectly omitted moving a definition from non-dpdk to dpdk. This moves the chr_file definition to a non-dpdk enabled permission, which should allow non-dpdk enabled builds to work.

Fixes: 84d272330506 ("selinux: update policy to reflect non-root and dpdk support")
Signed-off-by: Aaron Conole
Acked-by: Ansis Atteka
---
 selinux/openvswitch-custom.te.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'selinux/openvswitch-custom.te.in')

diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
index 853de1618..c1a774f0e 100644
--- a/selinux/openvswitch-custom.te.in
+++ b/selinux/openvswitch-custom.te.in
@@ -18,6 +18,7 @@ require {
 @end_dpdk@
 class capability { dac_override audit_write };
+ class chr_file { write getattr read open ioctl };
 class dir { write remove_name add_name lock read };
 class file { write getattr read open execute execute_no_trans create unlink };
 class netlink_audit_socket { create nlmsg_relay audit_write read write };
@@ -25,7 +26,6 @@ require {
 class unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom };
 @begin_dpdk@
- class chr_file { write getattr read open ioctl };
 class tun_socket { relabelfrom relabelto create };
 @end_dpdk@
 }
-- 
cgit v1.2.1
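Review bot: The `class chr_file { write getattr read open ioctl };` line added to the unconditional part of `require` in the first hunk has no comment saying which non-dpdk rule depends on it, so a later reader cannot tell whether all five permissions are still needed outside DPDK builds. A `require` entry only declares a dependency; the access actually granted is set by the `allow` rules, which are outside both hunks. It is therefore worth confirming that any chr_file `allow` rule intended only for DPDK stays between `@begin_dpdk@` and `@end_dpdk@`. I would add a comment above the moved line, e.g. `# chr_file is referenced by an allow rule outside the dpdk section; keep this permission set in sync with that rule`. The `require` block opens before the first hunk and closes at the end of the second.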