From 42431ee6a1b0da8b0d5035e2e162b557f0f77d72 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Dec 13 2012 17:13:11 +0000
Subject: Allow openshift domain to read /dev/urand


---

diff --git a/openshift.te b/openshift.te
index a33452e..93e59f9 100644
--- a/openshift.te
+++ b/openshift.te
@@ -69,6 +69,7 @@ application_domain(openshift_cgroup_read_t, openshift_cgroup_read_exec_t)
 #
 # Template to create openshift_t and openshift_app_t
 #
+
 openshift_service_domain_template(openshift)
 
 ########################################
@@ -175,6 +176,7 @@ corecmd_exec_all_executables(openshift_domain)
 
 dev_read_sysfs(openshift_domain)
 dev_read_rand(openshift_domain)
+dev_read_urand(openshift_domain)
 dev_dontaudit_append_rand(openshift_domain)
 dev_dontaudit_write_urand(openshift_domain)
 dev_dontaudit_getattr_all_blk_files(openshift_domain)