nfsd_t can trigger sys_rawio on tests that involve too many mountpoints, dontaudit...

author Dan Walsh <dwalsh@redhat.com>

Wed, 14 Dec 2011 15:15:00 +0000 (10:15 -0500)

committer Dan Walsh <dwalsh@redhat.com>

Wed, 14 Dec 2011 15:15:00 +0000 (10:15 -0500)
author Dan Walsh <dwalsh@redhat.com>
Wed, 14 Dec 2011 15:15:00 +0000 (10:15 -0500)
committer Dan Walsh <dwalsh@redhat.com>
Wed, 14 Dec 2011 15:15:00 +0000 (10:15 -0500)
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te

index 372f91817791940ad28ada7d1d56c0defb4c3717..1896e202d65e395bc7a1bff4bc8f030bfc05afba 100644 (file)
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -131,6 +131,7 @@ optional_policy(`
  #
  
  allow nfsd_t self:capability { dac_override dac_read_search sys_admin sys_resource };
+dontaudit nfsd_t self:capability sys_rawio;
  
  allow nfsd_t exports_t:file read_file_perms;
  allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
author	Dan Walsh <dwalsh@redhat.com>
	Wed, 14 Dec 2011 15:15:00 +0000 (10:15 -0500)
committer	Dan Walsh <dwalsh@redhat.com>
	Wed, 14 Dec 2011 15:15:00 +0000 (10:15 -0500)