[refpolicy] [PATCH 5/6] Dumpcap dumps the packets as packet_socket

Sven Vermeulen sven.vermeulen at siphos.be
Sun Sep 4 06:27:34 CDT 2011


The dumpcap utility (running in the wireshark_t domain) needs to be able
to write packet_sockets

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/apps/wireshark.te |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
index 5ee2530..78afc39 100644
--- a/policy/modules/apps/wireshark.te
+++ b/policy/modules/apps/wireshark.te
@@ -40,7 +40,7 @@ allow wireshark_t self:fifo_file { getattr read write };
 allow wireshark_t self:shm destroy;
 allow wireshark_t self:shm create_shm_perms;
 allow wireshark_t self:netlink_route_socket { nlmsg_read create_socket_perms };
-allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read };
+allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read write };
 allow wireshark_t self:tcp_socket create_socket_perms;
 allow wireshark_t self:udp_socket create_socket_perms;
 
-- 
1.7.3.4



More information about the refpolicy mailing list