xserver: do not audit ioctl operations on log files

Do not audit ioctl operation attempts whenever write operations on the xserver log should not be audited. Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
author: Guido Trentalancia <guido@trentalancia.com> 2017-09-16 23:39:04 +0200
committer: Jason Zaman <jason@perfinion.com> 2017-10-29 20:58:03 +0800
commit: 184b5ccd5d2ff9b8b573c31b887b882ea0ceeae5 (patch)
tree: 131563dd587eb4f64e276e7d24b6b037555fc27c /policy/modules/services/xserver.if
parent: Avoid memory leak warning. (diff)
download: hardened-refpolicy-184b5ccd5d2ff9b8b573c31b887b882ea0ceeae5.tar.gz
hardened-refpolicy-184b5ccd5d2ff9b8b573c31b887b882ea0ceeae5.tar.bz2
hardened-refpolicy-184b5ccd5d2ff9b8b573c31b887b882ea0ceeae5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 13f80093..e0c5be82 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1129,7 +1129,7 @@ interface(`xserver_dontaudit_write_log',`
 		type xserver_log_t;
 	')
 
-	dontaudit $1 xserver_log_t:file { append write };
+	dontaudit $1 xserver_log_t:file { append ioctl write };
 ')
 
 ########################################
author	Guido Trentalancia <guido@trentalancia.com>	2017-09-16 23:39:04 +0200
committer	Jason Zaman <jason@perfinion.com>	2017-10-29 20:58:03 +0800
commit	184b5ccd5d2ff9b8b573c31b887b882ea0ceeae5 (patch)
tree	131563dd587eb4f64e276e7d24b6b037555fc27c /policy/modules/services/xserver.if
parent	Avoid memory leak warning. (diff)
download	hardened-refpolicy-184b5ccd5d2ff9b8b573c31b887b882ea0ceeae5.tar.gz hardened-refpolicy-184b5ccd5d2ff9b8b573c31b887b882ea0ceeae5.tar.bz2 hardened-refpolicy-184b5ccd5d2ff9b8b573c31b887b882ea0ceeae5.zip