From eadf55a46c69bd5d6920fff03ae6c708ef7c1829 Mon Sep 17 00:00:00 2001
|
|
From: maminjie <maminjie1@huawei.com>
|
|
Date: Thu, 19 Nov 2020 10:27:55 +0800
|
|
Subject: [PATCH] Remove unsupported permission names
|
|
|
|
---
|
|
selinux/openvswitch-custom.te.in | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
|
|
index 2adaf23..b2c63ab 100644
|
|
--- a/selinux/openvswitch-custom.te.in
|
|
+++ b/selinux/openvswitch-custom.te.in
|
|
@@ -78,8 +78,8 @@ domtrans_pattern(openvswitch_t, openvswitch_load_module_exec_t, openvswitch_load
|
|
|
|
#============= openvswitch_t ==============
|
|
allow openvswitch_t self:capability { dac_override audit_write net_broadcast net_raw };
|
|
-allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay audit_write read write };
|
|
-allow openvswitch_t self:netlink_netfilter_socket { create nlmsg_relay audit_write read write };
|
|
+allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay read write };
|
|
+allow openvswitch_t self:netlink_netfilter_socket { create read write };
|
|
@begin_dpdk@
|
|
allow openvswitch_t self:netlink_rdma_socket { setopt bind create };
|
|
@end_dpdk@
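Review bot: The two rewritten `allow` rules carry no comment explaining why the permission sets now differ between the two socket classes, so a later edit could easily re-add the dropped names. `audit_write` is a `capability` permission and is still granted by the `self:capability` rule just above, while `nlmsg_relay` is defined for `netlink_audit_socket` but not for `netlink_netfilter_socket`, which has only the common socket permissions. I would add a line above the two rules such as `# audit_write belongs to class capability (granted above); nlmsg_relay exists only on netlink_audit_socket`. It would also help to record in the commit message which policy toolchain rejected the old names. After rebuilding the module, check the audit log for new AVC denials from `openvswitch_t` to confirm that nothing depended on the old rules.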
|
|
--
|
|
2.23.0
|
|
|