diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index c86fad8e0..3f0a14e4b 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -1,5 +1,5 @@ -policy_module(udev, 1.11.1) +policy_module(udev, 1.11.2) ######################################## # @@ -99,6 +99,7 @@ dev_relabel_all_dev_nodes(udev_t) # udev_node.c/node_symlink() symlink labels are explicitly # preserved, instead of short circuiting the relabel dev_relabel_generic_symlinks(udev_t) +dev_manage_generic_symlinks(udev_t) domain_read_all_domains_state(udev_t) domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these @@ -236,6 +237,10 @@ optional_policy(` optional_policy(` hal_dgram_send(udev_t) + + ifdef(`hide_broken_symptoms',` + hal_dontaudit_rw_dgram_sockets(udev_t) + ') ') optional_policy(`