kernel: dontaudit read fixed disk devices

This is triggered rook-ceph creates its OSDs. Signed-off-by: Kenton Groombridge <concord@gentoo.org>
2024-02-07 20:47:50 -05:00 · 2024-02-07 20:47:50 -05:00 · 08adc2fadb
commit 08adc2fadb
parent 5ab2cf6a6a
1 changed files with 4 additions and 0 deletions
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@ -514,6 +514,10 @@ optional_policy(`
 	seutil_domtrans_setfiles(kernel_t)
 ')

+optional_policy(`
+	storage_dontaudit_read_fixed_disk(kernel_t)
+')
+
 optional_policy(`
 	unconfined_domain_noaudit(kernel_t)
 ')