commit: 7c64d1b08fd49c3317d31f82deb877e522e631f0
Author: Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Sat Feb 13 09:04:06 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Mar 11 17:15:38 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7c64d1b0
Allow {eb,ip,ip6}tables-restore to read files in /run/firewalld
Since version 0.4.0, firewalld uses *tables-restore to speed up the
load of the rules
policy/modules/system/iptables.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/iptables.te
b/policy/modules/system/iptables.te
index ce9ea3f..2a5174c 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -111,6 +111,7 @@ optional_policy(`
optional_policy(`
firewalld_read_config_files(iptables_t)
+ firewalld_read_var_run_files(iptables_t)
firewalld_dontaudit_rw_tmp_files(iptables_t)
')
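Review bot: The added firewalld_read_var_run_files(iptables_t) call depends on an interface that this commit does not define (the diffstat lists only policy/modules/system/iptables.te), so please confirm that the firewalld module in this tree already provides it, or order this commit after the one that adds it. The reason for the new access lives only in the commit message; a one-line comment above the call noting that firewalld 0.4.0 and later feeds rules through *tables-restore from /run/firewalld would keep the grant auditable in the policy source. Since the subject names eb, ip and ip6tables-restore but the hunk grants access to iptables_t alone, it is also worth stating in the message that all three run in that domain, if that is the case.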