From: aranea@aixah.de (Luis Ressel)
Date: Sat, 10 Dec 2016 00:54:39 +0100
Subject: [refpolicy] [PATCH] netutils: Label iptstate as netutils_t
Message-ID: <20161209235439.27322-1-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

>From the package description: "IP Tables State displays states being kept
by iptables in a top-like format". The netutils_t permission set fits it
snugly.
---
 policy/modules/admin/netutils.fc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc
index a4672cae..f5be3f95 100644
--- a/policy/modules/admin/netutils.fc
+++ b/policy/modules/admin/netutils.fc
@@ -11,7 +11,8 @@
 
 /usr/sbin/arping	--	gen_context(system_u:object_r:netutils_exec_t,s0)
 /usr/sbin/fping 	--	gen_context(system_u:object_r:ping_exec_t,s0)
-/usr/sbin/traceroute.*	--	gen_context(system_u:object_r:traceroute_exec_t,s0)
 /usr/sbin/hping2	--	gen_context(system_u:object_r:ping_exec_t,s0)
+/usr/sbin/iptstate	--	gen_context(system_u:object_r:netutils_exec_t,s0)
 /usr/sbin/send_arp	--	gen_context(system_u:object_r:ping_exec_t,s0)
 /usr/sbin/tcpdump	--	gen_context(system_u:object_r:netutils_exec_t,s0)
+/usr/sbin/traceroute.*	--	gen_context(system_u:object_r:traceroute_exec_t,s0)
-- 
2.11.0