From 38050b757651db2df20adb5c56b1f5ac1a253dbe Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Thu, 24 Nov 2011 12:27:13 +0100
Subject: [PATCH] Allow puppetmaster to read network state

---
 policy/modules/services/puppet.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te
index fb500deb..e237da7a 100644
--- a/policy/modules/services/puppet.te
+++ b/policy/modules/services/puppet.te
@@ -284,6 +284,7 @@ files_tmp_filetrans(puppetmaster_t, puppetmaster_tmp_t, { file dir })
 allow puppetmaster_t puppet_tmp_t:dir relabel_dir_perms;
 kernel_dontaudit_search_kernel_sysctl(puppetmaster_t)
+`kernel_read_network_state(puppetmaster_t)
 kernel_read_system_state(puppetmaster_t)
 kernel_read_crypto_sysctls(puppetmaster_t)
 kernel_read_kernel_sysctls(puppetmaster_t)
-- 
2.47.3
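Review bot: The added line in puppet.te carries a stray backtick immediately after the `+` marker, in front of the interface call. Policy sources are run through m4, where a backtick opens a quoted string, so unless the character is an artifact of how this page was extracted it will probably break the module build or quote away the calls that follow; the line should read `kernel_read_network_state(puppetmaster_t)`. Separately, this interface lets puppetmaster_t read the kernel's network state under /proc/net, and neither the commit message nor the hunk says which puppetmaster operation was denied. A one-line comment above the call, for example `# <feature placeholder> reads /proc/net; AVC in <bug-id placeholder>`, would let a later least-privilege review confirm the grant is still needed. The puppetmaster_t rules continue outside the hunk, so whether a narrower grant would suffice cannot be judged from here.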