Merge pull request #7 from superseb/rke1_oel_tcp_accept

Add tcp_socket accept for Oracle Linux

Author: cmurphy

policy/centos7/rancher.te

@@ -60,7 +60,7 @@ manage_dirs_pattern(rke_container_t, container_var_lib_t, container_var_lib_t)
 manage_files_pattern(rke_container_t, container_var_lib_t, container_var_lib_t)
 manage_dirs_pattern(rke_container_t, container_var_run_t, container_var_run_t)
 manage_files_pattern(rke_container_t, container_var_run_t, container_var_run_t)
-allow rke_container_t self:tcp_socket listen;
+allow rke_container_t self:tcp_socket { accept listen };
 allow rke_container_t container_var_lib_t:dir { relabelfrom relabelto };
 allow rke_container_t container_var_lib_t:file { relabelfrom relabelto };
 allow rke_container_t rke_opt_t:dir { relabelfrom relabelto };

policy/centos8/rancher.te

@@ -58,7 +58,7 @@ manage_dirs_pattern(rke_container_t, container_var_lib_t, container_var_lib_t)
 manage_files_pattern(rke_container_t, container_var_lib_t, container_var_lib_t)
 manage_dirs_pattern(rke_container_t, container_var_run_t, container_var_run_t)
 manage_files_pattern(rke_container_t, container_var_run_t, container_var_run_t)
-allow rke_container_t self:tcp_socket listen;
+allow rke_container_t self:tcp_socket { accept listen };
 allow rke_container_t container_var_lib_t:file map;
 allow rke_container_t rke_opt_t:file map;
 allow rke_container_t container_var_lib_t:dir { relabelfrom relabelto };