selinux: move chr_file to non-dpdk as well

A last-minute change to the selinux policy caught by testing incorrectly omitted moving a definition from non-dpdk to dpdk. This moves the chr_file definition to a non-dpdk enabled permission, which should allow non-dpdk enabled builds to work. Fixes: 84d2723 ("selinux: update policy to reflect non-root and dpdk support") Signed-off-by: Aaron Conole <[email protected]> Acked-by: Ansis Atteka <[email protected]>
lhh · Sep 1, 2017 · d5f851e · d5f851e
1 parent 84d2723
commit d5f851e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
@@ -18,14 +18,14 @@ require {
 @end_dpdk@
 
         class capability { dac_override audit_write };
+        class chr_file { write getattr read open ioctl };
         class dir { write remove_name add_name lock read };
         class file { write getattr read open execute execute_no_trans create unlink };
         class netlink_audit_socket { create nlmsg_relay audit_write read write };
         class netlink_socket { setopt getopt create connect getattr write read };
         class unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom };
 
 @begin_dpdk@
-        class chr_file { write getattr read open ioctl };
         class tun_socket { relabelfrom relabelto create };
 @end_dpdk@
 }