A last-minute change to the selinux policy caught by testing incorrectly omitted moving a definition from non-dpdk to dpdk.
This moves the chr_file definition to a non-dpdk enabled permission, which should allow non-dpdk enabled builds to work.

Fixes: 84d272330506 ("selinux: update policy to reflect non-root and dpdk support")
Signed-off-by: Aaron Conole <acon...@redhat.com>
--- selinux/openvswitch-custom.te.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in index 853de16..c1a774f 100644 --- a/selinux/openvswitch-custom.te.in +++ b/selinux/openvswitch-custom.te.in @@ -18,6 +18,7 @@ require { @end_dpdk@ class capability { dac_override audit_write }; + class chr_file { write getattr read open ioctl }; class dir { write remove_name add_name lock read }; class file { write getattr read open execute execute_no_trans create unlink }; class netlink_audit_socket { create nlmsg_relay audit_write read write }; @@ -25,7 +26,6 @@ require { class unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom }; @begin_dpdk@ - class chr_file { write getattr read open ioctl }; class tun_socket { relabelfrom relabelto create }; @end_dpdk@ }
-- 2.9.4
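Review bot: the "class chr_file { write getattr read open ioctl };" line added in the first hunk is only a require declaration, and the allow rule that references chr_file outside the dpdk block is not visible in this diff, so the patch does not show which rule broke non-dpdk builds. Please name that rule (or the policy build error) in the commit message so a reader can confirm that all five permissions are needed unconditionally and not only under @begin_dpdk@. The first sentence of the message also says the definition should move "from non-dpdk to dpdk", while the second hunk removes it from the @begin_dpdk@ block and the first hunk adds it after @end_dpdk@; rewording would make the message match the diff. Since the problem was caught late by testing, a policy build with DPDK disabled is worth adding as a regular check.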