From 830fe956471da78c959c91c4684d39bc694ed7a2 Mon Sep 17 00:00:00 2001
From: bigclouds
Date: Mon, 7 Nov 2022 02:12:41 +0000
Subject: [PATCH] add more capabilities to openvswitch_load_module_t

When openvswitch starts, it is denied reading modules.* files, so this patch allows openvswitch to do so.

Signed-off-by: bigclouds
(cherry picked from commit e968019d8d5f3f283d795bcb2bdfec37e8773ca2)
---
 fix-selinux-err.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fix-selinux-err.patch b/fix-selinux-err.patch
index c51c91c..40be456 100644
--- a/fix-selinux-err.patch
+++ b/fix-selinux-err.patch
@@ -32,7 +32,7 @@ index b2c63ab..8f76c14 100644
 allow openvswitch_load_module_t kernel_t:system module_request;
 allow openvswitch_load_module_t modules_conf_t:dir { getattr open read search };
 allow openvswitch_load_module_t modules_conf_t:file { getattr open read };
-+allow openvswitch_load_module_t modules_dep_t:file open;
++allow openvswitch_load_module_t modules_dep_t:file { getattr map open read };
 allow openvswitch_load_module_t modules_object_t:file { map getattr open read };
 allow openvswitch_load_module_t modules_object_t:dir { getattr open read search };
 allow openvswitch_load_module_t openvswitch_load_module_exec_t:file { entrypoint };
-- Gitee
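Review bot: The widened rule on `modules_dep_t:file` grants `map` as well as `getattr` and `read`, but the description only mentions reading modules.* files and quotes no AVC denial, so a later audit cannot tie each permission to an observed denial. I would record the reason next to the rule in the policy, for example `# module dependency index (modules_dep_t) is opened read-only and, presumably, mmap'ed by the module loader - confirm against the AVC log`, and paste the denial lines into the commit message. The grant stays read-only, which matches the neighbouring `modules_object_t:file { map getattr open read }` rule. The policy's `require` block is outside this hunk, so it is worth confirming that `class file` there already lists `map`, `getattr` and `read`. Without them the module will not compile.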