From: Dan Walsh <dwalsh@redhat.com>
Date: Wed, 14 Dec 2011 15:15:00 +0000 (-0500)
Subject: nfsd_t can trigger sys_rawio on tests that involve too many mountpoints, dontaudit... 
X-Git-Tag: 000~21
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fa470f97ff37172fb1be056ae18241f6f64fe747;p=people%2Fstevee%2Fselinux-policy.git

nfsd_t can trigger sys_rawio on tests that involve too many mountpoints, dontaudit for now
---

diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
index 372f9181..1896e202 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -131,6 +131,7 @@ optional_policy(`
 #
 
 allow nfsd_t self:capability { dac_override dac_read_search sys_admin sys_resource };
+dontaudit nfsd_t self:capability sys_rawio;
 
 allow nfsd_t exports_t:file read_file_perms;
 allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;