2019-12-13 13:25:55

by Laurent Bigonville

Subject: [RFC 1/3] Add an interface to allow the specified domain to mmap the general network configuration files

From: Laurent Bigonville <[email protected]>

Signed-off-by: Laurent Bigonville <[email protected]>
---
policy/modules/system/sysnetwork.if | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 77eab21e..1f785c7c 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -364,6 +364,31 @@ interface(`sysnet_read_config',`
')
')

+#######################################
+## <summary>
+## Map network config files.
+## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to mmap the
+## general network configuration files.
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sysnet_map_config',`
+ gen_require(`
+ type net_conf_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 net_conf_t:file map;
+')
+
#######################################
## <summary>
## Do not audit attempts to read network config files.
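Review bot: `files_search_etc($1)` in the new `sysnet_map_config` grants search on the etc directories, which the summary and description ("Map network config files") do not mention and which `map` itself does not need, since that permission is checked when a domain mmaps a file it has already opened. A caller has to get open and read access from somewhere else anyway (presumably `sysnet_read_config`, which precedes this block), so consider reducing the body to the `gen_require` plus `allow $1 net_conf_t:file map;`. If the search call is kept for consistency with the neighbouring interfaces, say so in the `<desc>` text, and note there that this interface is meant to be used together with a read interface because it grants no read access on its own.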
--
2.24.0