From 5d77246f5f032a033f78c62db55a0f03db0327b4 Mon Sep 17 00:00:00 2001 From: Sven Vermeulen Date: Tue, 23 Aug 2011 15:39:56 +0200 Subject: [PATCH] Do not audit the use of portage' filedescriptors from load_policy_t During build and eventual activation of the base policy, the load_policy_t domain attempts to use a portage file descriptor. However, this serves no purpose (the loading is done correctly and everything is logged appropriately). Hence, we dontaudit this use. Signed-off-by: Sven Vermeulen --- policy/modules/system/selinuxutil.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index d748bb2eb..70ddf3308 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -199,6 +199,10 @@ ifdef(`hide_broken_symptoms',` ') ') +optional_policy(` + portage_dontaudit_use_fds(load_policy_t) +') + ######################################## # # Newrole local policy
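Review bot: The new `optional_policy` block in selinuxutil.te carries no comment saying why `portage_dontaudit_use_fds(load_policy_t)` is needed, and the rationale exists only in the commit message. Because a dontaudit rule removes the denial from the audit log, a later reader of the policy has nothing to tell them that this access is still denied and is being silenced on purpose. Suggest a one-line comment above the call, for example `# load_policy is started by portage during policy build and tries to use its file descriptors`. It would also help to state in the commit message which descriptor use was observed in the denial, so the scope of what is being hidden is on record.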