1 # For netutils to be able to write their stdout stderr to the pipes opened by netmgrd 2 allow netutils_wrapper netmgrd:fd use; 3 allow netutils_wrapper netmgrd:fifo_file { getattr read write append }; 4 5 # netmgrd opens files without o_CLOEXEC and fork_execs the netutils wrappers 6 # this results in all file (fd) permissions being audited for access by netutils_wrapper 7 # domain. Stop those audit messages flooding the kernel log. 8 dontaudit netutils_wrapper netmgrd:udp_socket { getattr read write append }; 9 dontaudit netutils_wrapper diag_device:chr_file { getattr read write append ioctl }; 10 dontaudit netutils_wrapper netmgr_data_file:file { getattr read write append }; 11 dontaudit netutils_wrapper netmgrd:netlink_route_socket { getattr read write append }; 12 dontaudit netutils_wrapper netmgrd:netlink_socket { getattr read write append }; 13 dontaudit netutils_wrapper netmgrd:netlink_xfrm_socket { getattr read write append }; 14 dontaudit netutils_wrapper netmgrd:unix_stream_socket { getattr read write append }; 15 dontaudit netutils_wrapper sysfs_msm_subsys:file read; 16 dontaudit netutils_wrapper netmgrd:tcp_socket { getattr read write append }; 17 dontaudit netutils_wrapper netmgrd:socket { read write }; 18
