From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 17 Sep 2017 10:30:34 -0400 Subject: [refpolicy] [PATCH 6/6] xserver: do not audit ioctl operations on log files In-Reply-To: <1505597944.13203.47.camel@trentalancia.com> References: <1505597944.13203.47.camel@trentalancia.com> Message-ID: <971a4e47-a882-3679-4165-6191b0b03072@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/16/2017 05:39 PM, Guido Trentalancia via refpolicy wrote: > Do not audit ioctl operation attempts whenever write > operations on the xserver log should not be audited. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/services/xserver.if | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- a/policy/modules/services/xserver.if 2017-09-16 16:21:46.522402219 +0200 > +++ b/policy/modules/services/xserver.if 2017-09-16 16:30:12.480405471 +0200 > @@ -1129,7 +1129,7 @@ interface(`xserver_dontaudit_write_log', > type xserver_log_t; > ') > > - dontaudit $1 xserver_log_t:file { append write }; > + dontaudit $1 xserver_log_t:file { append ioctl write }; > ') > > ######################################## Merged. -- Chris PeBenito