From 69e5e0f72c69761adc0957b8c32b44d68e5b78cc Mon Sep 17 00:00:00 2001
From: Guido Trentalancia
Date: Fri, 14 Apr 2017 01:25:59 +0200
Subject: [PATCH] userdomain: do not audit netlink socket creation attempts
Update the userdomain base module so that an unneeded permission is not audited.
Signed-off-by: Guido Trentalancia
---
 policy/modules/system/userdomain.if | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 2e439d9a8..19622e858 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -507,6 +507,9 @@ template(`userdom_common_user_template',`
 dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
 dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
+ # gnome-settings-daemon tries to create a netlink socket
+ dontaudit $1_t self:netlink_kobject_uevent_socket create_socket_perms;
+
 allow $1_t unpriv_userdomain:fd use;
 kernel_read_system_state($1_t)
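Review bot: The added `dontaudit` on `netlink_kobject_uevent_socket` silences the whole `create_socket_perms` set, while the comment and the subject line only justify hiding the `create` denial. Because the rule sits in `userdom_common_user_template`, it applies to every user domain built from the template, so any process in those domains that probes uevent sockets stops producing AVC records, not just gnome-settings-daemon. If the creation attempt is the only source of noise, `dontaudit $1_t self:netlink_kobject_uevent_socket create;` is presumably enough, since a socket that was never created cannot trigger the later checks. Otherwise the comment should say that the full set is suppressed on purpose, e.g. `# gnome-settings-daemon probes uevent sockets; access stays denied, denials are hidden (rebuild with semodule -DB to see them)`. The template body starts before and continues after this hunk, so other rules on this class may exist out of view.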