[refpolicy] [PATCH 4/6] Allow wireshark to execute bin_t

Sven Vermeulen sven.vermeulen at siphos.be
Sun Sep 4 06:27:09 CDT 2011


Wireshark needs to be able to execute applications, definitely for its
plugin support, but also to call the dumpcap utility (part of the
wireshark distribution) to be able to dump the network traffic.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/apps/wireshark.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
index 32b5ca8..5ee2530 100644
--- a/policy/modules/apps/wireshark.te
+++ b/policy/modules/apps/wireshark.te
@@ -69,6 +69,7 @@ kernel_read_kernel_sysctls(wireshark_t)
 kernel_read_system_state(wireshark_t)
 kernel_read_sysctl(wireshark_t)
 
+corecmd_exec_bin(wireshark_t)
 corecmd_search_bin(wireshark_t)
 
 corenet_tcp_connect_generic_port(wireshark_t)
-- 
1.7.3.4



More information about the refpolicy mailing list