selinux: Add missing permissions for netlink_rdma_socket.

roidayan · apconole · commit 58c66c190066 · 2024-10-09T10:49:18.000-04:00
After testing with DPDK found netlink_rdma_socket missing
permissions 'getattr' and 'getopt' in the audit logs.

Signed-off-by: Roi Dayan &lt;roid@nvidia.com&gt;
Signed-off-by: Aaron Conole &lt;aconole@redhat.com&gt;
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
@@ -52,7 +52,7 @@ require {
         class netlink_audit_socket { create nlmsg_relay read write };
         class netlink_netfilter_socket { create read write };
 @begin_dpdk@
-        class netlink_rdma_socket { setopt bind create };
+        class netlink_rdma_socket { setopt getattr getopt bind create };
 @end_dpdk@
         class netlink_socket { setopt getopt create connect getattr write read };
         class sock_file { write };
@@ -82,7 +82,7 @@ allow openvswitch_t self:capability { dac_override audit_write net_broadcast net
 allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay read write };
 allow openvswitch_t self:netlink_netfilter_socket { create read write };
 @begin_dpdk@
-allow openvswitch_t self:netlink_rdma_socket { setopt bind create };
+allow openvswitch_t self:netlink_rdma_socket { setopt getattr getopt bind create };
 @end_dpdk@
 allow openvswitch_t self:netlink_socket { setopt getopt create connect getattr write read };
 
