1 2 3 4 5 6
allow tee drm_block_device:blk_file rw_file_perms; # tee starts as root, and drops privileges allow tee self:capability { setuid setgid }; allow tee block_device:dir search;