From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 11 Dec 2016 14:54:58 -0500
Subject: [refpolicy] [PATCH] netutils: Label iptstate as netutils_t
In-Reply-To: <20161209235439.27322-1-aranea@aixah.de>
References: <20161209235439.27322-1-aranea@aixah.de>
Message-ID: <7141dc77-491d-a10c-5b70-8bf661eb90cc@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/09/16 18:54, Luis Ressel via refpolicy wrote:
>>From the package description: "IP Tables State displays states being kept
> by iptables in a top-like format". The netutils_t permission set fits it
> snugly.
> ---
>  policy/modules/admin/netutils.fc | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc
> index a4672cae..f5be3f95 100644
> --- a/policy/modules/admin/netutils.fc
> +++ b/policy/modules/admin/netutils.fc
> @@ -11,7 +11,8 @@
>
>  /usr/sbin/arping	--	gen_context(system_u:object_r:netutils_exec_t,s0)
>  /usr/sbin/fping 	--	gen_context(system_u:object_r:ping_exec_t,s0)
> -/usr/sbin/traceroute.*	--	gen_context(system_u:object_r:traceroute_exec_t,s0)
>  /usr/sbin/hping2	--	gen_context(system_u:object_r:ping_exec_t,s0)
> +/usr/sbin/iptstate	--	gen_context(system_u:object_r:netutils_exec_t,s0)
>  /usr/sbin/send_arp	--	gen_context(system_u:object_r:ping_exec_t,s0)
>  /usr/sbin/tcpdump	--	gen_context(system_u:object_r:netutils_exec_t,s0)
> +/usr/sbin/traceroute.*	--	gen_context(system_u:object_r:traceroute_exec_t,s0)

Merged.

-- 
Chris PeBenito