2017-09-16 21:39:04

by Guido Trentalancia

[permalink] [raw]
Subject: [refpolicy] [PATCH 6/6] xserver: do not audit ioctl operations on log files

Do not audit ioctl operation attempts whenever write
operations on the xserver log should not be audited.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/services/xserver.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/policy/modules/services/xserver.if 2017-09-16 16:21:46.522402219 +0200
+++ b/policy/modules/services/xserver.if 2017-09-16 16:30:12.480405471 +0200
@@ -1129,7 +1129,7 @@ interface(`xserver_dontaudit_write_log',
type xserver_log_t;
')

- dontaudit $1 xserver_log_t:file { append write };
+ dontaudit $1 xserver_log_t:file { append ioctl write };
')

########################################


2017-09-17 14:30:34

by Chris PeBenito

[permalink] [raw]
Subject: [refpolicy] [PATCH 6/6] xserver: do not audit ioctl operations on log files

On 09/16/2017 05:39 PM, Guido Trentalancia via refpolicy wrote:
> Do not audit ioctl operation attempts whenever write
> operations on the xserver log should not be audited.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/services/xserver.if | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- a/policy/modules/services/xserver.if 2017-09-16 16:21:46.522402219 +0200
> +++ b/policy/modules/services/xserver.if 2017-09-16 16:30:12.480405471 +0200
> @@ -1129,7 +1129,7 @@ interface(`xserver_dontaudit_write_log',
> type xserver_log_t;
> ')
>
> - dontaudit $1 xserver_log_t:file { append write };
> + dontaudit $1 xserver_log_t:file { append ioctl write };
> ')
>
> ########################################

Merged.

--
Chris PeBenito