From aff0acda4b3bacb18728a07dc6edfa5a023c3347 Mon Sep 17 00:00:00 2001
From: PopiBrossard <24299127+PopiBrossard@users.noreply.github.com>
Date: Tue, 12 Nov 2024 15:49:27 +0100
Subject: [PATCH] Fixes #37999 - allow smart-proxy with PuppetCA to read some etc files
---
 foreman-proxy.fc | 2 ++
 foreman-proxy.te | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/foreman-proxy.fc b/foreman-proxy.fc
index e70ec34..ad5e814 100644
--- a/foreman-proxy.fc
+++ b/foreman-proxy.fc
@@ -23,3 +23,5 @@
 /var/run/foreman-proxy(/.*)? gen_context(system_u:object_r:foreman_proxy_var_run_t,s0)
 /var/spool/foreman-proxy(/.*)? gen_context(system_u:object_r:foreman_proxy_spool_t,s0)
+
+/etc/foreman-proxy(/.*)? gen_context(system_u:object_r:foreman_proxy_etc_t,s0)
diff --git a/foreman-proxy.te b/foreman-proxy.te
index d5b57c1..1604f0e 100644
--- a/foreman-proxy.te
+++ b/foreman-proxy.te
@@ -101,6 +101,12 @@ manage_dirs_pattern(foreman_proxy_t, foreman_proxy_spool_t, foreman_proxy_spool_
 manage_files_pattern(foreman_proxy_t, foreman_proxy_spool_t, foreman_proxy_spool_t)
 files_spool_filetrans(foreman_proxy_t, foreman_proxy_spool_t, { dir file })
+
+# etc files support
+type foreman_proxy_etc_t;
+files_type(foreman_proxy_etc_t)
+read_files_pattern(foreman_proxy_t, foreman_proxy_etc_t, foreman_proxy_etc_t)
+
 # starting via /bin/env
 corecmd_read_bin_symlinks(foreman_proxy_t)
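Review bot: The `/etc/foreman-proxy(/.*)?` entry added to foreman-proxy.fc changes the label of a directory tree that already exists on installed systems, and nothing in this patch relabels it. After an upgrade the files would presumably keep their old label until `restorecon -R /etc/foreman-proxy` runs, so the packaging step that does this, which is not visible here, should be checked. The pattern also moves every object under that path, including any key or credential files kept there, to `foreman_proxy_etc_t`. Any other confined domain that reads them today through generic etc access (an inference, since the previous label is not shown) would then be denied. A comment above the entry such as `# smart-proxy configuration tree; read-only for foreman_proxy_t` would record the intent.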
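Review bot: `read_files_pattern` in the block added to foreman-proxy.te gives `foreman_proxy_t` only search on directories and read on regular files of type `foreman_proxy_etc_t`, but the new file-context entry also labels directories and symlinks under /etc/foreman-proxy with that type. If the proxy lists a directory there or follows a symlink, that access would be denied. Should it be needed, add `list_dirs_pattern(foreman_proxy_t, foreman_proxy_etc_t, foreman_proxy_etc_t)` and `read_lnk_files_pattern(foreman_proxy_t, foreman_proxy_etc_t, foreman_proxy_etc_t)` rather than a manage pattern, so the daemon still cannot modify its own configuration. Declaring the type with `files_config_file(foreman_proxy_etc_t)` instead of `files_type` would also mark it as configuration for the rest of the policy. The `# etc files support` comment could say why a private type is used and that access is read-only by design.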