From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 23 Aug 2011 15:39:56 +0200
Subject: [refpolicy] [PATCH 02/11] Do not audit the use of portage' filedescriptors from load_policy_t
In-Reply-To: <20110823133643.GA857@siphos.be>
References: <20110823133643.GA857@siphos.be>
Message-ID: <20110823133955.GC857@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

During build and eventual activation of the base policy, the load_policy_t domain attempts to use a portage file descriptor. However, this serves no purpose (the loading is done correctly and everything is logged appropriately). Hence, we dontaudit this use.

Signed-off-by: Sven Vermeulen

--- policy/modules/system/selinuxutil.te | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index e252935..12dabe2 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -199,6 +199,10 @@ ifdef(`hide_broken_symptoms',` ') ') +optional_policy(` + portage_dontaudit_use_fds(load_policy_t) +') + ######################################## # # Newrole local policy -- 1.7.3.4
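
Review bot: The added optional_policy block calling portage_dontaudit_use_fds(load_policy_t) is unconditional, although it sits directly after the ifdef(`hide_broken_symptoms', ...) block and the commit message describes a descriptor use that "serves no purpose", which reads like a symptom that conditional is meant to cover. Consider moving the call inside the hide_broken_symptoms block, or say in the message why the rule should be active on every build. Because a dontaudit rule removes the denial from the audit log entirely, the message should also quote the AVC denial being silenced so the permission and object class can be checked against what the interface suppresses. The diffstat shows only selinuxutil.te changing, so portage_dontaudit_use_fds is assumed to be defined already by the portage module; that is worth confirming against the tree this series applies to.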