[COMMIT]refpolicy-contrib branch, master, updated. 5ed8627ce6c7eaa5ac8d53c1137af0e4167031a8

Reference Policy commits mail list refpolicy-commits at oss.tresys.com
Wed Sep 14 08:34:48 CDT 2011 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "refpolicy-contrib".

The branch, master has been updated
       via  5ed8627ce6c7eaa5ac8d53c1137af0e4167031a8 (commit)
       via  6d4087924b7ebee0a21f3aee902d2bf9348b1f03 (commit)
       via  96393afb8db7dcb75f464ef78e71de39baef87c5 (commit)
       via  f404a684e78826eebb59009665310bedf29fe484 (commit)
       via  a6fc1c4399818ab2f518e896338a542f62909dda (commit)
       via  24deb96a02ea1d4d7824adcf897061909d6f841f (commit)
       via  4f3e2f44b8fdea3eb98f67e523c1f4f5de216ba0 (commit)
      from  f0f7b65d39c33c76773ef405ab0e7fe4b35d8371 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5ed8627ce6c7eaa5ac8d53c1137af0e4167031a8
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Sep 14 08:37:59 2011 -0400

    Module version bump for wireshark updates from Sven Vermeulen.

commit 6d4087924b7ebee0a21f3aee902d2bf9348b1f03
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date:   Fri Sep 9 21:49:43 2011 +0200

    Grant wireshark read access on sysfs
    
    The wireshark utility reads information from the network devices listed
    in the sysfs hierarchy.
    
    Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>

commit 96393afb8db7dcb75f464ef78e71de39baef87c5
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date:   Fri Sep 9 21:49:16 2011 +0200

    Dumpcap dumps the packets as packet_socket
    
    The dumpcap utility (running in the wireshark_t domain) needs to be able
    to write packet_sockets
    
    Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>

commit f404a684e78826eebb59009665310bedf29fe484
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date:   Fri Sep 9 21:48:46 2011 +0200

    Allow wireshark to execute bin_t
    
    Wireshark needs to be able to execute applications, definitely for its
    plugin support, but also to call the dumpcap utility (part of the
    wireshark distribution) to be able to dump the network traffic.
    
    Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>

commit a6fc1c4399818ab2f518e896338a542f62909dda
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date:   Fri Sep 9 21:48:16 2011 +0200

    Remove duplicate corecmd_search_bin
    
    Title sais it all, the module used "corecmd_search_bin" twice.
    
    Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>

commit 24deb96a02ea1d4d7824adcf897061909d6f841f
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date:   Fri Sep 9 21:47:51 2011 +0200

    Allow wireshark to use the random device
    
    It already has the rights to use the urandom device, but access to the
    random device is also needed.
    
    Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>

commit 4f3e2f44b8fdea3eb98f67e523c1f4f5de216ba0
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date:   Fri Sep 9 21:47:24 2011 +0200

    Allow using user terminals
    
    In order to debug wireshark startup issues, it is important that
    wireshark, when started from a command line, is allowed to output its
    error messages.
    
    Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>

-----------------------------------------------------------------------

Summary of changes:
 wireshark.te |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

Detailed diffset:
:100644 100644 8bfe97d... c45c7c6... M	wireshark.te

diff --git a/wireshark.te b/wireshark.te
index 8bfe97d..c45c7c6 100644
--- a/wireshark.te
+++ b/wireshark.te
@@ -1,4 +1,4 @@
-policy_module(wireshark, 2.2.0)
+policy_module(wireshark, 2.2.1)
 
 ########################################
 #
@@ -40,13 +40,12 @@ allow wireshark_t self:fifo_file { getattr read write };
 allow wireshark_t self:shm destroy;
 allow wireshark_t self:shm create_shm_perms;
 allow wireshark_t self:netlink_route_socket { nlmsg_read create_socket_perms };
-allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read };
+allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read write };
 allow wireshark_t self:tcp_socket create_socket_perms;
 allow wireshark_t self:udp_socket create_socket_perms;
 
 # Re-execute itself (why?)
 can_exec(wireshark_t, wireshark_exec_t)
-corecmd_search_bin(wireshark_t)
 
 # /home/.wireshark
 manage_dirs_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
@@ -70,11 +69,14 @@ kernel_read_kernel_sysctls(wireshark_t)
 kernel_read_system_state(wireshark_t)
 kernel_read_sysctl(wireshark_t)
 
+corecmd_exec_bin(wireshark_t)
 corecmd_search_bin(wireshark_t)
 
 corenet_tcp_connect_generic_port(wireshark_t)
 corenet_tcp_sendrecv_generic_if(wireshark_t)
 
+dev_read_rand(wireshark_t)
+dev_read_sysfs(wireshark_t)
 dev_read_urand(wireshark_t)
 
 files_read_etc_files(wireshark_t)
@@ -93,6 +95,7 @@ seutil_use_newrole_fds(wireshark_t)
 sysnet_read_config(wireshark_t)
 
 userdom_manage_user_home_content_files(wireshark_t)
+userdom_use_user_ptys(wireshark_t)
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(wireshark_t)


hooks/post-receive
--
refpolicy-contrib

More information about the Refpolicy-commits mailing list