From 509a639debc5e8a88dd777836d4db824a839185d Mon Sep 17 00:00:00 2001
From: Jason Zaman <jason@perfinion.com>
Date: Mon, 17 Feb 2020 04:03:18 +0800
Subject: [PATCH] chromium: watch etc dirs

avc:  denied  { watch } for  pid=44464 comm="ThreadPoolForeg" path="/etc" dev="zfs" ino=1436 scontext=staff_u:staff_r:chromium_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
Signed-off-by: Jason Zaman <jason@perfinion.com>
---
 policy/modules/apps/chromium.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/apps/chromium.te b/policy/modules/apps/chromium.te
index 255ef5570..0e8cc1e5f 100644
--- a/policy/modules/apps/chromium.te
+++ b/policy/modules/apps/chromium.te
@@ -156,6 +156,7 @@ files_search_home(chromium_t)
 files_read_usr_files(chromium_t)
 files_map_usr_files(chromium_t)
 files_read_etc_files(chromium_t)
+files_watch_etc_dirs(chromium_t)
 # During find for /etc/whatever-release we get lots of output otherwise
 files_dontaudit_getattr_all_dirs(chromium_t)