From c2f504c25efc18c9b18b53e00dbcc73c1d13d5a8 Mon Sep 17 00:00:00 2001
From: "Sugar, David" <dsugar@tresys.com>
Date: Tue, 2 Jul 2019 15:30:29 +0000
Subject: [PATCH] grant rpm permission to map rpm_var_lib_t

type=AVC msg=audit(1560913896.432:218): avc:  denied  { map } for pid=1265 comm="rpm" path="/var/lib/rpm/__db.001" dev="dm-0" ino=2223 scontext=system_u:system_r:rpm_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file permissive=1

Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
 policy/modules/admin/rpm.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
index e00b8dddd..0e6e9c03b 100644
--- a/policy/modules/admin/rpm.te
+++ b/policy/modules/admin/rpm.te
@@ -111,6 +111,7 @@ files_lock_filetrans(rpm_t, rpm_lock_t, file)
 
 manage_dirs_pattern(rpm_t, rpm_var_lib_t, rpm_var_lib_t)
 manage_files_pattern(rpm_t, rpm_var_lib_t, rpm_var_lib_t)
+mmap_read_files_pattern(rpm_t, rpm_var_lib_t, rpm_var_lib_t)
 files_var_lib_filetrans(rpm_t, rpm_var_lib_t, { dir file })
 
 manage_dirs_pattern(rpm_t, rpm_var_run_t, rpm_var_run_t)