Failing to install the selinux policy file under RHEL9.1 with
error "Failed to resolve permission audit_write".
Checking the SELinux permission reference online, I found that those classes
do not support those permissions, so I am not sure how the policy installs on
other distributions such as RHEL8.2; perhaps the unknown permissions are being ignored.
With this change I can install the policy file in RHEL8.2 and RHEL9.1.

Signed-off-by: Roi Dayan <[email protected]>
---
 selinux/openvswitch-custom.te.in | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
index beb0ab0d6612..fe2c5bb61a57 100644
--- a/selinux/openvswitch-custom.te.in
+++ b/selinux/openvswitch-custom.te.in
@@ -49,8 +49,8 @@ require {
         class fifo_file { getattr read write append ioctl lock open };
         class filesystem getattr;
         class lnk_file { read open };
-        class netlink_audit_socket { create nlmsg_relay audit_write read write 
};
-        class netlink_netfilter_socket { create nlmsg_relay audit_write read 
write };
+        class netlink_audit_socket { create nlmsg_relay read write };
+        class netlink_netfilter_socket { create read write };
 @begin_dpdk@
         class netlink_rdma_socket { setopt bind create };
 @end_dpdk@
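Review bot: The require block in this hunk drops `nlmsg_relay` from netlink_netfilter_socket while keeping it on netlink_audit_socket, but the commit message only talks about `audit_write`; that asymmetry looks right (nlmsg_relay is, as far as I know, defined only for the audit netlink class), yet it should be stated in the description so nobody re-adds it later. The allow rules in the second hunk mirror the same two removals, so the same remark applies there. Because `audit_write` stays on self:capability, which is the class it actually belongs to, I would add a comment above the netlink_audit_socket line, `# audit_write is a capability permission; it is granted on self:capability below, not on the netlink socket classes.`, so the policy stays loadable on toolchains that reject unresolved permissions. The guess that older distributions silently ignore unknown permissions is plausible but unverified; naming the checkpolicy/libsepol behaviour that differs would make the change easier to backport. Note that the enclosing require block opens before this hunk.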
@@ -79,8 +79,8 @@ domtrans_pattern(openvswitch_t, 
openvswitch_load_module_exec_t, openvswitch_load
 
 #============= openvswitch_t ==============
 allow openvswitch_t self:capability { dac_override audit_write net_broadcast 
net_raw };
-allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay audit_write 
read write };
-allow openvswitch_t self:netlink_netfilter_socket { create nlmsg_relay 
audit_write read write };
+allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay read write 
};
+allow openvswitch_t self:netlink_netfilter_socket { create read write };
 @begin_dpdk@
 allow openvswitch_t self:netlink_rdma_socket { setopt bind create };
 @end_dpdk@
-- 
2.21.0
