From ef7d1c2ff617d10323c02a01181f1989ff1c5a8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= Date: Sat, 18 Jan 2020 18:17:31 -0800 Subject: [PATCH] remove dontaudit dnsmasq kernel:system module_request MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was originally added due to: avc: denied { module_request } for comm="dnsmasq" kmod="netdev-bt-pan" scontext=u:r:dnsmasq:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0 in commit cd761300c1cc67cb2be3e001b95317e8a865c5fe 'Allow some denials we have seen.' This is most likely simply triggered by a race condition on attempting to access a non existent network device 'bt-pan'. I'll simply add the dontaudit to sepolicy/system. Test: N/A Signed-off-by: Maciej Żenczykowski Change-Id: I102fd2aca9f27258ff7d16fff30d0813bc77fc3d --- sepolicy/vendor/dnsmasq.te | 1 - 1 file changed, 1 deletion(-) delete mode 100644 sepolicy/vendor/dnsmasq.te diff --git a/sepolicy/vendor/dnsmasq.te b/sepolicy/vendor/dnsmasq.te deleted file mode 100644 index 35f58fb6..00000000 --- a/sepolicy/vendor/dnsmasq.te +++ /dev/null @@ -1 +0,0 @@ -dontaudit dnsmasq kernel:system module_request;