Add interface mysql_dontaudit_rw_db()

wrabcak · ljavorsk · commit 7b3b76c0e1cf · 2020-11-09T11:52:13.000+01:00
diff --git a/mysql.if b/mysql.if
@@ -429,6 +429,25 @@ interface(`mysql_dontaudit_write_log',`
 	dontaudit $1 mysqld_log_t:file { write_file_perms setattr_file_perms };
 ')
 
+########################################
+## <summary>
+##	dontaudit attempts to read/write to the MySQL db files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`mysql_dontaudit_rw_db',`
+	gen_require(`
+		type mysqld_db_t;
+	')
+
+	dontaudit $1 mysqld_db_t:file rw_file_perms;
+')
+
 ######################################
 ## <summary>
 ##	Execute MySQL safe script in the mysql safe domain.
