Snmp patch from Dan Walsh.

policy/modules/services/snmp.if

@@ -1,5 +1,24 @@
 ## <summary>Simple network management protocol services</summary>
 
+########################################
+## <summary>
+##	Connect to snmpd using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`snmp_stream_connect',`
+	 gen_require(`
+		type snmpd_t, snmpd_var_lib_t;
+	 ')
+
+	 files_search_var_lib($1)
+	 stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t)
+')
+
 ########################################
 ## <summary>
 ##	Use snmp over a TCP connection.  (Deprecated)
@@ -87,7 +106,7 @@ interface(`snmp_dontaudit_write_snmp_var_lib_files',`
 
 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an snmp environment
 ## </summary>
 ## <param name="domain">

policy/modules/services/snmp.te

@@ -1,5 +1,5 @@
 
-policy_module(snmp, 1.10.0)
+policy_module(snmp, 1.10.1)
 
 ########################################
 #
@@ -27,7 +27,7 @@ files_type(snmpd_var_lib_t)
 #
 allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config };
 dontaudit snmpd_t self:capability { sys_module sys_tty_config };
-allow snmpd_t self:process { getsched setsched };
+allow snmpd_t self:process { signal_perms getsched setsched };
 allow snmpd_t self:fifo_file rw_fifo_file_perms;
 allow snmpd_t self:unix_dgram_socket create_socket_perms;
 allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
@@ -72,6 +72,8 @@ corenet_tcp_bind_snmp_port(snmpd_t)
 corenet_udp_bind_snmp_port(snmpd_t)
 corenet_sendrecv_snmp_server_packets(snmpd_t)
 corenet_tcp_connect_agentx_port(snmpd_t)
+corenet_tcp_bind_agentx_port(snmpd_t)
+corenet_udp_bind_agentx_port(snmpd_t)
 
 dev_list_sysfs(snmpd_t)
 dev_read_sysfs(snmpd_t)