From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 4 Sep 2011 13:27:34 +0200
Subject: [refpolicy] [PATCH 5/6] Dumpcap dumps the packets as packet_socket
In-Reply-To: <20110904112506.GA2631@siphos.be>
References: <20110904112506.GA2631@siphos.be>
Message-ID: <20110904112733.GF2631@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The dumpcap utility (running in the wireshark_t domain) needs to be able
to write packet_sockets

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/apps/wireshark.te |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
index 5ee2530..78afc39 100644
--- a/policy/modules/apps/wireshark.te
+++ b/policy/modules/apps/wireshark.te
@@ -40,7 +40,7 @@ allow wireshark_t self:fifo_file { getattr read write };
 allow wireshark_t self:shm destroy;
 allow wireshark_t self:shm create_shm_perms;
 allow wireshark_t self:netlink_route_socket { nlmsg_read create_socket_perms };
-allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read };
+allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read write };
 allow wireshark_t self:tcp_socket create_socket_perms;
 allow wireshark_t self:udp_socket create_socket_perms;
 
-- 
1.7.3.4