author Kenton Groombridge <concord@gentoo.org> 2024-08-07 16:12:15 -0400
committer Jason Zaman <perfinion@gentoo.org> 2024-09-21 15:28:29 -0700
commit 4013344dd813c56faea4c458cfc050396c1a9d49 (patch)
tree afd264778822787f875127e76c1ee44404962888
parent filesystem, devices: move gadgetfs to usbfs_t (diff)
iptables: allow reading usr files

The nftables program reads files in /usr/share/iproute2.

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>

-rw-r--r-- policy/modules/system/iptables.te 1
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index 989404bb0..684d91a25 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -84,6 +84,7 @@ domain_use_interactive_fds(iptables_t)
files_read_etc_files(iptables_t)
files_read_etc_runtime_files(iptables_t)
+files_read_usr_files(iptables_t)
auth_use_nsswitch(iptables_t)
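
Review bot: The added `files_read_usr_files(iptables_t)` line has no comment recording why iptables_t needs it, and by its name the interface covers usr files in general while the commit message cites only /usr/share/iproute2. A one-line comment above the call stating that nftables reads files in /usr/share/iproute2 would keep the justification in the policy source, so a later audit of iptables_t can tell whether the grant is still needed. If the policy has a narrower way to cover that directory, it would be a tighter fit than the general usr read access.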