Signed-off-by: Jason Zaman <jason@xxxxxxxxxxxxx>
---
 policy/modules/kernel/files.if | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index e9bc8dd9..f1c94411 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -3403,6 +3403,25 @@ interface(`files_dontaudit_read_etc_runtime_files',`
 dontaudit $1 etc_runtime_t:file { getattr read };
 ')
 
+########################################
+## <summary>
+## Do not audit attempts to read files
+## in /etc
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`files_dontaudit_read_etc_files',`
+ gen_require(`
+ type etc_t;
+ ')
+
+ dontaudit $1 etc_t:file { getattr read };
+')
+
 ########################################
 ## <summary>
 ## Do not audit attempts to write
-- 
2.19.2
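Review bot: The `dontaudit` line in the new `files_dontaudit_read_etc_files` lists `{ getattr read }` without `open`, so a domain that is denied while opening an `etc_t` file would most likely still produce an AVC record for `open`, and the rule would then mainly quiet reads on descriptors the domain already holds. If the intent is to silence direct read attempts, consider `dontaudit $1 etc_t:file read_file_perms;`. The current form copies the `{ getattr read }` set of `files_dontaudit_read_etc_runtime_files` just above it, so the narrower set may be deliberate. Because `etc_t` is the label the summary ties to files in /etc generally, the header comment should also state that the interface only hides denials from the audit log and grants no access, so that callers apply it only to domains whose /etc probing is understood and harmless.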