netutils: fixes for iftop

Signed-off-by: Kenton Groombridge <me@concord.sh>
2023-03-02 01:58:15 -05:00 · 2023-03-02 01:58:15 -05:00 · 1d8b309808
parent 181077dd47
commit 1d8b309808
2 changed files with 3 additions and 0 deletions
--- a/policy/modules/admin/netutils.fc
+++ b/policy/modules/admin/netutils.fc
@ -15,6 +15,7 @@
 /usr/sbin/arping	--	gen_context(system_u:object_r:netutils_exec_t,s0)
 /usr/sbin/fping 	--	gen_context(system_u:object_r:ping_exec_t,s0)
 /usr/sbin/hping2	--	gen_context(system_u:object_r:ping_exec_t,s0)
+/usr/sbin/iftop		--	gen_context(system_u:object_r:netutils_exec_t,s0)
 /usr/sbin/iptstate	--	gen_context(system_u:object_r:netutils_exec_t,s0)
 /usr/sbin/send_arp	--	gen_context(system_u:object_r:ping_exec_t,s0)
 /usr/sbin/tcpdump	--	gen_context(system_u:object_r:netutils_exec_t,s0)
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@ -74,6 +74,8 @@ domain_use_interactive_fds(netutils_t)
 kernel_dontaudit_getattr_proc(netutils_t)

 files_read_etc_files(netutils_t)
+# for iftop to read terminfo files
+files_read_usr_files(netutils_t)
 # for nscd
 files_dontaudit_search_var(netutils_t)