Allow map access to cjdns_exec_t. lvrabec@redhat.com says it's legit.

cjdns.selinux.patch

@@ -1,6 +1,6 @@
 diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
---- ./contrib/selinux/cjdns.te.selinux	2015-11-02 17:59:41.000000000 -0500
-+++ ./contrib/selinux/cjdns.te	2015-11-03 00:10:49.098890187 -0500
+--- ./contrib/selinux/cjdns.te.selinux	2018-01-30 19:04:59.000000000 -0500
++++ ./contrib/selinux/cjdns.te	2018-03-05 01:15:40.302169785 -0500
 @@ -7,8 +7,8 @@ require {
  	type port_t;
  	type unreserved_port_t;
@@ -11,11 +11,13 @@ diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
  }
  
  type cjdns_t;
-@@ -18,23 +18,23 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
+@@ -17,24 +17,24 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
+ 
  #============= cjdns_t ==============
  # Let master process run further restricted subprocess
- allow cjdns_t cjdns_exec_t:file { execute_no_trans execmod };
+-allow cjdns_t cjdns_exec_t:file { execute_no_trans execmod };
 -allow cjdns_t self:capability { net_admin net_raw setuid setgid sys_chroot sys_module };
++allow cjdns_t cjdns_exec_t:file { execute_no_trans execmod map };
 +allow cjdns_t self:capability { net_admin net_raw setuid setgid sys_chroot };
  allow cjdns_t self:process { signal getcap setrlimit setcap };
 -allow cjdns_t kernel_t:system module_request;