From: bigon@debian.org (Laurent Bigonville)
Date: Tue,  4 Sep 2012 23:21:09 +0200
Subject: [refpolicy] [PATCH 3/3] Allow iptables_t to do module_request
In-Reply-To: <1346793669-26282-1-git-send-email-bigon@debian.org>
References: <1346793669-26282-1-git-send-email-bigon@debian.org>
Message-ID: <1346793669-26282-3-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Mika Pfl?ger <debian@mikapflueger.de>

---
 policy/modules/system/iptables.te |    1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index 0646ee7..6f2fb69 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -30,6 +30,7 @@ files_pid_file(iptables_var_run_t)
 # Iptables local policy
 #
 
+kernel_request_load_module(iptables_t)
 allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw };
 dontaudit iptables_t self:capability sys_tty_config;
 allow iptables_t self:fifo_file rw_fifo_file_perms;
-- 
1.7.10.4