Allow puppetmaster to read network state

author Miroslav Grepl <mgrepl@redhat.com>

Thu, 24 Nov 2011 11:27:13 +0000 (12:27 +0100)

committer Miroslav Grepl <mgrepl@redhat.com>

Thu, 24 Nov 2011 11:27:30 +0000 (12:27 +0100)
author Miroslav Grepl <mgrepl@redhat.com>
Thu, 24 Nov 2011 11:27:13 +0000 (12:27 +0100)
committer Miroslav Grepl <mgrepl@redhat.com>
Thu, 24 Nov 2011 11:27:30 +0000 (12:27 +0100)
diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te

index fb500deb694c2a6a71dcaf9992bf1c7a94e81bb7..e237da7a677976faca5dd28e48a5922d51facf3f 100644 (file)
--- a/policy/modules/services/puppet.te
+++ b/policy/modules/services/puppet.te
@@ -284,6 +284,7 @@ files_tmp_filetrans(puppetmaster_t, puppetmaster_tmp_t, { file dir })
  allow puppetmaster_t puppet_tmp_t:dir relabel_dir_perms;
  
  kernel_dontaudit_search_kernel_sysctl(puppetmaster_t)
+`kernel_read_network_state(puppetmaster_t)
  kernel_read_system_state(puppetmaster_t)
  kernel_read_crypto_sysctls(puppetmaster_t)
  kernel_read_kernel_sysctls(puppetmaster_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Thu, 24 Nov 2011 11:27:13 +0000 (12:27 +0100)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Thu, 24 Nov 2011 11:27:30 +0000 (12:27 +0100)