ibv_get_device_list(3) first tries to get the device list via netlink and if that fails it falls back to getting it from sysfs. Currently the policy denies getting it from netlink, generating some denials. Allow test_ibpkey_access_t the necessary permissions so it can do it the preferred way and doesn't generate audit AVC noise. Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> --- policy/test_ibpkey.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/test_ibpkey.te b/policy/test_ibpkey.te index 97f0c3c..6835897 100644 --- a/policy/test_ibpkey.te +++ b/policy/test_ibpkey.te @@ -11,6 +11,7 @@ testsuite_domain_type(test_ibpkey_access_t) typeattribute test_ibpkey_access_t ibpkeydomain; allow test_ibpkey_access_t self:capability ipc_lock; +allow test_ibpkey_access_t self:netlink_rdma_socket create_socket_perms; dev_rw_infiniband_dev(test_ibpkey_access_t) dev_rw_sysfs(test_ibpkey_access_t) -- 2.39.2
