diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if index 5ee661e..6b38b03 100644 --- a/refpolicy/policy/modules/system/init.if +++ b/refpolicy/policy/modules/system/init.if @@ -77,11 +77,14 @@ interface(`init_daemon_domain',` typeattribute $2 direct_init_entry; ') - # Red Hat systems seem to have a stray - # fd open from the initrd - ifdef(`distro_redhat',` - kernel_dontaudit_use_fd($1) - files_dontaudit_read_root_file($1) + ifdef(`hide_broken_symptoms',` + # Red Hat systems seem to have a stray + # fds open from the initrd + ifdef(`distro_redhat',` + kernel_dontaudit_use_fd($1) + storage_dontaudit_read_fixed_disk($1) + files_dontaudit_read_root_file($1) + ') ') ifdef(`targeted_policy',` @@ -156,11 +159,14 @@ interface(`init_system_domain',` allow $1 initrc_t:fifo_file rw_file_perms; allow $1 initrc_t:process sigchld; - # Red Hat systems seem to have a stray - # fd open from the initrd - optional_policy(`distro_redhat',` - kernel_dontaudit_use_fd($1) - files_dontaudit_read_root_file($1) + ifdef(`hide_broken_symptoms',` + # Red Hat systems seem to have a stray + # fds open from the initrd + ifdef(`distro_redhat',` + kernel_dontaudit_use_fd($1) + storage_dontaudit_read_fixed_disk($1) + files_dontaudit_read_root_file($1) + ') ') ')