From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 17 Sep 2017 10:30:34 -0400
Subject: [refpolicy] [PATCH 6/6] xserver: do not audit ioctl operations
 on log files
In-Reply-To: <1505597944.13203.47.camel@trentalancia.com>
References: <1505597944.13203.47.camel@trentalancia.com>
Message-ID: <971a4e47-a882-3679-4165-6191b0b03072@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/16/2017 05:39 PM, Guido Trentalancia via refpolicy wrote:
> Do not audit ioctl operation attempts whenever write
> operations on the xserver log should not be audited.
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
>   policy/modules/services/xserver.if |    2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> --- a/policy/modules/services/xserver.if	2017-09-16 16:21:46.522402219 +0200
> +++ b/policy/modules/services/xserver.if	2017-09-16 16:30:12.480405471 +0200
> @@ -1129,7 +1129,7 @@ interface(`xserver_dontaudit_write_log',
>   		type xserver_log_t;
>   	')
>   
> -	dontaudit $1 xserver_log_t:file { append write };
> +	dontaudit $1 xserver_log_t:file { append ioctl write };
>   ')
>   
>   ########################################

Merged.

-- 
Chris PeBenito