A last-minute change to the selinux policy caught by testing
incorrectly omitted moving a definition from non-dpdk to dpdk.
This moves the chr_file definition to a non-dpdk enabled permission,
which should allow non-dpdk enabled builds to work.
Fixes: 84d272330506 ("selinux: update policy to reflect non-root and dpdk support")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
@end_dpdk@
class capability { dac_override audit_write };
+ class chr_file { write getattr read open ioctl };
class dir { write remove_name add_name lock read };
class file { write getattr read open execute execute_no_trans create unlink };
class netlink_audit_socket { create nlmsg_relay audit_write read write };
class unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom };
@begin_dpdk@
- class chr_file { write getattr read open ioctl };
class tun_socket { relabelfrom relabelto create };
@end_dpdk@
}