From: Laurent Bigonville <bigon@xxxxxxxx> Signed-off-by: Laurent Bigonville <bigon@xxxxxxxx> --- policy/modules/system/sysnetwork.if | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if index 77eab21e..1f785c7c 100644 --- a/policy/modules/system/sysnetwork.if +++ b/policy/modules/system/sysnetwork.if @@ -364,6 +364,31 @@ interface(`sysnet_read_config',` ') ') +####################################### +## <summary> +## Map network config files. +## </summary> +## <desc> +## <p> +## Allow the specified domain to mmap the +## general network configuration files. +## </p> +## </desc> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`sysnet_map_config',` + gen_require(` + type net_conf_t; + ') + + files_search_etc($1) + allow $1 net_conf_t:file map; +') + ####################################### ## <summary> ## Do not audit attempts to read network config files. -- 2.24.0
