From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Fri, 9 Sep 2011 21:49:16 +0200
Subject: [refpolicy] [PATCHv2 5/6] Dumpcap dumps the packets as packet_socket
In-Reply-To: <20110909194626.GC32612@siphos.be>
References: <20110909194626.GC32612@siphos.be>
Message-ID: <20110909194916.GH32612@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The dumpcap utility (running in the wireshark_t domain) needs to be able
to write packet_sockets

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 wireshark.te |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/wireshark.te b/wireshark.te
index 2ec43c4..7b325bc 100644
--- a/wireshark.te
+++ b/wireshark.te
@@ -40,7 +40,7 @@ allow wireshark_t self:fifo_file { getattr read write };
 allow wireshark_t self:shm destroy;
 allow wireshark_t self:shm create_shm_perms;
 allow wireshark_t self:netlink_route_socket { nlmsg_read create_socket_perms };
-allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read };
+allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read write };
 allow wireshark_t self:tcp_socket create_socket_perms;
 allow wireshark_t self:udp_socket create_socket_perms;
 
-- 
1.7.3.4