[refpolicy] [PATCHv2 5/6] Dumpcap dumps the packets as packet_socket

Sven Vermeulen sven.vermeulen at siphos.be
Fri Sep 9 14:49:16 CDT 2011


The dumpcap utility (running in the wireshark_t domain) needs to be able
to write packet_sockets

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 wireshark.te |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/wireshark.te b/wireshark.te
index 2ec43c4..7b325bc 100644
--- a/wireshark.te
+++ b/wireshark.te
@@ -40,7 +40,7 @@ allow wireshark_t self:fifo_file { getattr read write };
 allow wireshark_t self:shm destroy;
 allow wireshark_t self:shm create_shm_perms;
 allow wireshark_t self:netlink_route_socket { nlmsg_read create_socket_perms };
-allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read };
+allow wireshark_t self:packet_socket { setopt bind ioctl getopt create read write };
 allow wireshark_t self:tcp_socket create_socket_perms;
 allow wireshark_t self:udp_socket create_socket_perms;
 
-- 
1.7.3.4



More information about the refpolicy mailing list