From e46dc72b81ca71a147541bc162ecfa203610e663 Mon Sep 17 00:00:00 2001
From: bigclouds
Date: Fri, 4 Nov 2022 11:09:57 +0000
Subject: [PATCH] Fix selinux denies openvswitch reading modules_dep_t

When openvswitch starts, it could read modules.* files, so this patch allows openvswitch to do so

Signed-off-by: bigclouds
---
 fix-selinux-err.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fix-selinux-err.patch b/fix-selinux-err.patch
index c51c91c..40be456 100644
--- a/fix-selinux-err.patch
+++ b/fix-selinux-err.patch
@@ -32,7 +32,7 @@ index b2c63ab..8f76c14 100644
 allow openvswitch_load_module_t kernel_t:system module_request;
 allow openvswitch_load_module_t modules_conf_t:dir { getattr open read search };
 allow openvswitch_load_module_t modules_conf_t:file { getattr open read };
-+allow openvswitch_load_module_t modules_dep_t:file open;
++allow openvswitch_load_module_t modules_dep_t:file { getattr map open read };
 allow openvswitch_load_module_t modules_object_t:file { map getattr open read };
 allow openvswitch_load_module_t modules_object_t:dir { getattr open read search };
 allow openvswitch_load_module_t openvswitch_load_module_exec_t:file { entrypoint };
-- 
Gitee
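Review bot: The widened rule `allow openvswitch_load_module_t modules_dep_t:file { getattr map open read };` grants `getattr` and `map` as well as `read`, but the commit message only justifies reading modules.* files and quotes no AVC denial. Each added permission in a confined domain should be traceable to an observed denial, so the description should carry the relevant `avc: denied { ... }` lines, or a sentence such as `module loading reads and memory-maps the modules.dep index, hence read and map`. That reason for `map` is presumed from the matching `modules_object_t:file` rule just below it and should be confirmed against the audit log. The surrounding policy block and its `require` section lie outside this hunk, so whether `modules_dep_t` and the `map` permission are declared there cannot be checked from here.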