Ifconfig should be able to read firmware files in /lib (i.e. some network

cards need to load their firmware) and it should not audit attempts
to load kernel modules directly.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>

policy/modules/system/sysnetwork.te

@@ -265,6 +265,7 @@ optional_policy(`
 #
 
 allow ifconfig_t self:capability { net_raw net_admin sys_admin sys_tty_config };
+dontaudit ifconfig_t self:capability sys_module;
 allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
 allow ifconfig_t self:fd use;
 allow ifconfig_t self:fifo_file rw_fifo_file_perms;