Diffstat (limited to 'policy/modules/system')
-rw-r--r-- | policy/modules/system/iptables.te | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index 684d91a25..7c401fa50 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -105,11 +105,12 @@ sysnet_dns_name_resolve(iptables_t)
 
 userdom_use_inherited_user_terminals(iptables_t)
 
-
-
 optional_policy(`
 # iptables may try to rw /ptmx in a container
 container_dontaudit_rw_chr_files(iptables_t)
+
+ # iptables reads firewall rules written to tmp
+ container_read_engine_tmp_files(iptables_t)
 ')
 
 optional_policy(` |
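Review bot: The new `container_read_engine_tmp_files(iptables_t)` call gives iptables_t read access to the container engine's tmp files, but the comment above it does not say who writes those rules or why iptables has to open them. The interface definition is outside this hunk, so it is worth confirming that it allows only read on regular files of the engine tmp type and nothing wider, such as directory listing or other file classes. Because iptables_t then loads rules from files that the engine domain controls, the comment should record that trust relationship, for example `# container engines write firewall rules to their tmp files and pass them to iptables; read-only access is intended`. The surrounding `optional_policy` block closes inside the hunk, so the rule applies only when the container module is present.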