From 1627ab361ef2454770737a04154006fdee169d16 Mon Sep 17 00:00:00 2001
From: Dave Sugar
Date: Wed, 26 Aug 2020 23:12:34 -0400
Subject: [PATCH] Looks like this got dropped in pull request #294 Seeing the following denial - adding back in: localhost kernel: type=1400 audit(1598497795.109:57): avc: denied { map } for pid=1054 comm="modprobe" path="/usr/lib/modules/3.10.0-1127.19.1.el7.x86_64/modules.dep.bin" dev="dm-0" ino=23711 scontext=system_u:system_r:kmod_t:s0 tcontext=system_u:object_r:modules_dep_t:s0 tclass=file permissive=0
Signed-off-by: Dave Sugar
---
 policy/modules/system/modutils.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 92463ac84..8659a2106 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -44,6 +44,7 @@ allow kmod_t self:rawip_socket create_socket_perms;
 # Read module config and dependency information
 list_dirs_pattern(kmod_t, modules_conf_t, modules_conf_t)
 read_files_pattern(kmod_t, modules_conf_t, modules_conf_t)
+allow kmod_t modules_dep_t:file map;
 list_dirs_pattern(kmod_t, modules_dep_t, modules_dep_t)
 manage_files_pattern(kmod_t, modules_dep_t, modules_dep_t)
 files_kernel_modules_filetrans(kmod_t, modules_dep_t, file)
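Review bot: The added `allow kmod_t modules_dep_t:file map;` sits directly after the modules_conf_t read rule and ahead of the modules_dep_t rules, and nothing in the policy says why the mapping is needed; the reason lives only in the commit message, which may make the rule easy to drop again in a later cleanup. Moving it below `manage_files_pattern(kmod_t, modules_dep_t, modules_dep_t)` and adding a comment such as `# modprobe mmaps modules.dep.bin` would keep it with the type it governs. The `map` permission is not split by access mode, and the same domain holds manage permissions on modules_dep_t files on the following lines, so the rule also covers mapping files that kmod_t can write. The denial quoted in the commit only shows modprobe mapping modules.dep.bin, so that breadth looks like an accepted trade-off rather than a requirement and is worth stating in the comment.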