From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 4 Sep 2011 13:27:09 +0200
Subject: [refpolicy] [PATCH 4/6] Allow wireshark to execute bin_t
In-Reply-To: <20110904112506.GA2631@siphos.be>
References: <20110904112506.GA2631@siphos.be>
Message-ID: <20110904112708.GE2631@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Wireshark needs to be able to execute applications, definitely for its
plugin support, but also to call the dumpcap utility (part of the
wireshark distribution) to be able to dump the network traffic.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/apps/wireshark.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
index 32b5ca8..5ee2530 100644
--- a/policy/modules/apps/wireshark.te
+++ b/policy/modules/apps/wireshark.te
@@ -69,6 +69,7 @@ kernel_read_kernel_sysctls(wireshark_t)
 kernel_read_system_state(wireshark_t)
 kernel_read_sysctl(wireshark_t)
 
+corecmd_exec_bin(wireshark_t)
 corecmd_search_bin(wireshark_t)
 
 corenet_tcp_connect_generic_port(wireshark_t)
-- 
1.7.3.4