Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "Don't audit storageproxyd unlabeled access"

Browse source
This commit is contained in:
Tri Vo 2022-03-04 17:45:37 +00:00 committed by Gerrit Code Review
commit fbf92e2ada
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
whitechapel/vendor/google/storageproxyd.te vendored
View file

@ -15,3 +15,7 @@ allow tee self:capability { setgid setuid };
# Allow storageproxyd access to gsi_public_metadata_file # Allow storageproxyd access to gsi_public_metadata_file
read_fstab(tee) read_fstab(tee)
# storageproxyd starts before /data is mounted. It handles /data not being there
# gracefully. However, attempts to access /data trigger a denial.
dontaudit tee unlabeled:dir { search };