From: pebenito@ieee.org (Chris PeBenito)
Date: Wed, 25 Oct 2017 17:15:05 -0400
Subject: [refpolicy] [PATCH] netutils: Grant netutils_t map perms for
 the packet_socket class
In-Reply-To: <20171024234630.12739-1-aranea@aixah.de>
References: <20171024234630.12739-1-aranea@aixah.de>
Message-ID: <d9ff8fe0-e9f0-47d4-d29b-e46ee6063794@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/24/2017 07:46 PM, Luis Ressel via refpolicy wrote:
> This is required for the PACKET_RX_RING feature used by tcpdump.
> ---
>   policy/modules/admin/netutils.te | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
> index a996f03d5..ef49f6bf6 100644
> --- a/policy/modules/admin/netutils.te
> +++ b/policy/modules/admin/netutils.te
> @@ -40,7 +40,7 @@ allow netutils_t self:netlink_route_socket create_netlink_socket_perms;
>   allow netutils_t self:netlink_socket create_socket_perms;
>   # For tcpdump.
>   allow netutils_t self:netlink_netfilter_socket create_socket_perms;
> -allow netutils_t self:packet_socket create_socket_perms;
> +allow netutils_t self:packet_socket { create_socket_perms map };
>   allow netutils_t self:udp_socket create_socket_perms;
>   allow netutils_t self:tcp_socket create_stream_socket_perms;
>   allow netutils_t self:socket create_socket_perms;

Merged.

-- 
Chris PeBenito