iptables: allow reading initrc pipes

The systemd service calls a script which reads the saved rules from a file piped to stdin. Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-03-11 21:21:26 -05:00 · 2021-03-11 21:21:26 -05:00 · a1a9c33e88
commit a1a9c33e88
parent 7ca9dcea1f
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@ -86,6 +86,7 @@ auth_use_nsswitch(iptables_t)
 init_use_fds(iptables_t)
 init_use_script_ptys(iptables_t)
 # to allow rules to be saved on reboot:
+init_rw_script_pipes(iptables_t)
 init_rw_script_tmp_files(iptables_t)
 init_rw_script_stream_sockets(iptables_t)