From: Ralf Ertzinger <ralf@skytale.net>
Date: Wed, 12 Aug 2015 10:29:30 +0000 (+0000)
Subject: tft: Silence default_t:dir reads
X-Git-Url: https://git.camperquake.de/gitweb.cgi?p=selinux.git;a=commitdiff_plain;h=1a3d375bcac254ffae6d0b5cfeec2f34ef8bed7f

tft: Silence default_t:dir reads
---

diff --git a/tf2/tf2.te b/tf2/tf2.te
index c1fe72d..d6db454 100644
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,4 +1,8 @@
-policy_module(tf2, 0.1.17)
+policy_module(tf2, 0.1.21)
+
+require {
+    type default_t;
+}
 
 # File context for the executable process
 type tf2_t;
@@ -50,3 +54,6 @@ kernel_read_system_state(tf2_t)
 
 # TF2 needs to read the network state
 kernel_read_network_state(tf2_t)
+
+# There's a lot of noise from these accesses
+dontaudit tf2_t default_t:dir read;