selinux-policy/dontaudit_interface_kmod_tmpfs.patch

Index: fedora-policy-20221019/policy/modules/services/xserver.te
===================================================================
--- fedora-policy-20221019.orig/policy/modules/services/xserver.te
+++ fedora-policy-20221019/policy/modules/services/xserver.te
@@ -764,6 +764,10 @@ userdom_mounton_tmp_sockets(xdm_t)
 userdom_nnp_transition_login_userdomain(xdm_t)
 userdom_watch_user_home_dirs(xdm_t)
 
+# SUSE uses startproc to start the display manager. While checking for running processes
+# it goes over all running instances, triggering AVCs
+modutils_dontaudit_kmod_tmpfs_getattr(xdm_t)
+
 #userdom_home_manager(xdm_t)
 tunable_policy(`xdm_write_home',`
     userdom_user_home_dir_filetrans(xdm_t, xdm_home_t, { file lnk_file })
Index: fedora-policy-20221019/policy/modules/system/modutils.if
===================================================================
--- fedora-policy-20221019.orig/policy/modules/system/modutils.if
+++ fedora-policy-20221019/policy/modules/system/modutils.if
@@ -507,3 +507,21 @@ interface(`modules_filetrans_named_conte
 	#files_kernel_modules_filetrans($1, modules_dep_t, file, "modules.symbols")
 	#files_kernel_modules_filetrans($1, modules_dep_t, file, "modules.symbols.bin")
 ')
+
+#######################################
+## <summary>
+## Don't audit accesses to tmp file type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`modutils_dontaudit_kmod_tmpfs_getattr',`
+    gen_require(`
+        type kmod_tmpfs_t;
+    ')
+
+    dontaudit $1 kmod_tmpfs_t:file { getattr };
+')