Dontaudit oracleasm_t domain to request sys_admin capability

fedora-selinux · Jul 27, 2018 · e0b6c2d · e0b6c2d
1 parent 6cef61e
commit e0b6c2d
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/oracleasm.te b/oracleasm.te
@@ -26,6 +26,7 @@ files_config_file(oracleasm_conf_t)
 allow oracleasm_t self:capability { dac_read_search  fsetid fowner chown };
 allow oracleasm_t self:fifo_file rw_fifo_file_perms;
 allow oracleasm_t self:unix_stream_socket create_stream_socket_perms;
+dontaudit oracleasm_t self:capability { sys_admin };
 
 allow oracleasm_t oracleasm_conf_t:file manage_file_perms;
 allow oracleasm_t oracleasm_conf_t:dir manage_dir_perms;