From 81c70774c83e5b47aadd6ff8d07f8707a8d7f0d1 Mon Sep 17 00:00:00 2001
From: David Moreau Simard
Date: Wed, 6 Feb 2019 16:56:45 -0500
Subject: [PATCH] Add missing map permission for gunicorn under selinux

Resolves an AVC when gunicorn attempts to use the python3 interpreter from the virtualenv.

Change-Id: I0be8ebb0bad407e6f9aa9703db0d2a61026c87cd
---
 roles/ara_server/files/ara-gunicorn.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/ara_server/files/ara-gunicorn.te b/roles/ara_server/files/ara-gunicorn.te
index 8fda81e..48eeb9c 100644
--- a/roles/ara_server/files/ara-gunicorn.te
+++ b/roles/ara_server/files/ara-gunicorn.te
@@ -4,11 +4,11 @@ require {
 type var_lib_t;
 type postgresql_db_t;
 type init_t;
- class file { execute execute_no_trans getattr open read };
+ class file { execute execute_no_trans getattr open read map };
 class lnk_file { getattr read };
 }

 #============= init_t ==============
 allow init_t postgresql_db_t:file { getattr open read };
-allow init_t var_lib_t:file { execute execute_no_trans };
+allow init_t var_lib_t:file { execute execute_no_trans map };
 allow init_t var_lib_t:lnk_file { getattr read };
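Review bot: The added `map` on `allow init_t var_lib_t:file { execute execute_no_trans map };` is granted on the generic var_lib_t type, so it covers every file carrying that label on the host, not only the virtualenv's python3. Anything running in init_t can therefore map, as well as execute, any var_lib_t file, which weakens the separation between service data and executable code. A narrower fix is to give the virtualenv's executables their own label, for example `semanage fcontext -a -t bin_t '<VENV_PATH>/bin(/.*)?'` followed by `restorecon -R <VENV_PATH>`. It is worth confirming that this lets the execute/map rule on var_lib_t be dropped, since the virtualenv's shared objects may need a library type as well. If the rule stays, a comment above it would record the reason, e.g. `# gunicorn runs the virtualenv's python3 (labelled var_lib_t) from a unit in init_t; map is needed to load it`. That wording is inferred from the commit message, so please check it against the actual AVC.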