From: guido@trentalancia.net (Guido Trentalancia)
Date: Fri, 14 Apr 2017 01:25:59 +0200
Subject: [refpolicy] [PATCH 9/10] userdomain: do not audit netlink socket
 creation attempts
Message-ID: <1492125959.14193.47.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Update the userdomain base module so that an unneeded permission
is not audited.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/system/userdomain.if |    3 +++
 1 file changed, 3 insertions(+)

--- refpolicy-2.20170204-orig/policy/modules/system/userdomain.if	2016-12-17 14:15:16.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/system/userdomain.if	2017-04-13 21:23:08.297212706 +0200
@@ -507,6 +510,9 @@ template(`userdom_common_user_template',
 	dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
 	dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
 
+	# gnome-settings-daemon tries to create a netlink socket
+	dontaudit $1_t self:netlink_kobject_uevent_socket create_socket_perms;
+
 	allow $1_t unpriv_userdomain:fd use;
 
 	kernel_read_system_state($1_t)