diff options
| author |   Kenton Groombridge <concord@gentoo.org> | 2024-02-07 20:47:50 -0500 |
|---|---|---|
| committer | Kenton Groombridge <concord@gentoo.org> | 2024-03-01 12:04:28 -0500 |
| commit | 745b208f397f5f0d676a06cdd05bbe90897222f8 (patch) | |
| tree | 35c5ab8bebaae2f054eae7d71cbadde18b79b63d | |
| parent | container, kubernetes: add support for rook-ceph (diff) | |
| download | hardened-refpolicy-745b208f397f5f0d676a06cdd05bbe90897222f8.tar.gz hardened-refpolicy-745b208f397f5f0d676a06cdd05bbe90897222f8.tar.bz2 hardened-refpolicy-745b208f397f5f0d676a06cdd05bbe90897222f8.zip | |
kernel: dontaudit read fixed disk devices
This is triggered rook-ceph creates its OSDs.
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
| -rw-r--r-- | policy/modules/kernel/kernel.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te index 3c37030b6..8bf5f1a1b 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -515,6 +515,10 @@ optional_policy(` ') optional_policy(` + storage_dontaudit_read_fixed_disk(kernel_t) +') + +optional_policy(` unconfined_domain_noaudit(kernel_t) ') |