From 184b5ccd5d2ff9b8b573c31b887b882ea0ceeae5 Mon Sep 17 00:00:00 2001
From: Guido Trentalancia <guido@trentalancia.com>
Date: Sat, 16 Sep 2017 23:39:04 +0200
Subject: xserver: do not audit ioctl operations on log files

Do not audit ioctl operation attempts whenever write
operations on the xserver log should not be audited.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
 policy/modules/services/xserver.if | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'policy/modules/services/xserver.if')

diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 13f80093..e0c5be82 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1129,7 +1129,7 @@ interface(`xserver_dontaudit_write_log',`
 		type xserver_log_t;
 	')
 
-	dontaudit $1 xserver_log_t:file { append write };
+	dontaudit $1 xserver_log_t:file { append ioctl write };
 ')
 
 ########################################
-- 
cgit v1.2.3-65-gdbad