From: Miroslav Grepl Date: Thu, 24 Nov 2011 11:27:13 +0000 (+0100) Subject: Allow puppetmaster to read network state X-Git-Tag: 000~78^2~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=38050b757651db2df20adb5c56b1f5ac1a253dbe;p=people%2Fstevee%2Fselinux-policy.git Allow puppetmaster to read network state --- diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te index fb500deb..e237da7a 100644 --- a/policy/modules/services/puppet.te +++ b/policy/modules/services/puppet.te @@ -284,6 +284,7 @@ files_tmp_filetrans(puppetmaster_t, puppetmaster_tmp_t, { file dir }) allow puppetmaster_t puppet_tmp_t:dir relabel_dir_perms; kernel_dontaudit_search_kernel_sysctl(puppetmaster_t) +`kernel_read_network_state(puppetmaster_t) kernel_read_system_state(puppetmaster_t) kernel_read_crypto_sysctls(puppetmaster_t) kernel_read_kernel_sysctls(puppetmaster_t)
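Review bot: the added line in the puppetmaster_t block of policy/modules/services/puppet.te begins with a stray backtick ahead of kernel_read_network_state(puppetmaster_t). The policy source is run through m4, where a backtick opens a quoted string, so an unmatched one can break the build or quote away the rules that follow, up to the next closing quote. Drop the backtick so the line matches the neighbouring kernel_read_system_state(puppetmaster_t) calls. The commit message also only repeats the subject. A one-line note on what puppetmaster reads from network state, or the denial that prompted the change, would let a reviewer confirm this interface is the narrowest grant that fits.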