From: pebenito@ieee.org (Chris PeBenito) Date: Wed, 25 Oct 2017 17:15:05 -0400 Subject: [refpolicy] [PATCH] netutils: Grant netutils_t map perms for the packet_socket class In-Reply-To: <20171024234630.12739-1-aranea@aixah.de> References: <20171024234630.12739-1-aranea@aixah.de> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 10/24/2017 07:46 PM, Luis Ressel via refpolicy wrote: > This is required for the PACKET_RX_RING feature used by tcpdump. > --- > policy/modules/admin/netutils.te | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te > index a996f03d5..ef49f6bf6 100644 > --- a/policy/modules/admin/netutils.te > +++ b/policy/modules/admin/netutils.te > @@ -40,7 +40,7 @@ allow netutils_t self:netlink_route_socket create_netlink_socket_perms; > allow netutils_t self:netlink_socket create_socket_perms; > # For tcpdump. > allow netutils_t self:netlink_netfilter_socket create_socket_perms; > -allow netutils_t self:packet_socket create_socket_perms; > +allow netutils_t self:packet_socket { create_socket_perms map }; > allow netutils_t self:udp_socket create_socket_perms; > allow netutils_t self:tcp_socket create_stream_socket_perms; > allow netutils_t self:socket create_socket_perms; Merged. -- Chris PeBenito