1# For netutils to be able to write their stdout stderr to the pipes opened by netmgrd 2allow netutils_wrapper netmgrd:fd use; 3allow netutils_wrapper netmgrd:fifo_file { getattr read write append }; 4 5# netmgrd opens files without o_CLOEXEC and fork_execs the netutils wrappers 6# this results in all file (fd) permissions being audited for access by netutils_wrapper 7# domain. Stop those audit messages flooding the kernel log. 8dontaudit netutils_wrapper netmgrd:udp_socket { getattr read write append }; 9dontaudit netutils_wrapper diag_device:chr_file { getattr read write append ioctl }; 10dontaudit netutils_wrapper netmgr_data_file:file { getattr read write append }; 11dontaudit netutils_wrapper netmgrd:netlink_route_socket { getattr read write append }; 12dontaudit netutils_wrapper netmgrd:netlink_socket { getattr read write append }; 13dontaudit netutils_wrapper netmgrd:netlink_xfrm_socket { getattr read write append }; 14dontaudit netutils_wrapper netmgrd:unix_stream_socket { getattr read write append }; 15dontaudit netutils_wrapper sysfs_msm_subsys:file read; 16dontaudit netutils_wrapper netmgrd:tcp_socket { getattr read write append }; 17dontaudit netutils_wrapper netmgrd:socket { read write }; 18