From 44dc1b9c21abfe11190a6d6458b53eb2b5680f11 Mon Sep 17 00:00:00 2001
From: Jeremy Solt
Date: Mon, 24 May 2010 09:54:02 -0400
Subject: [PATCH] netutils patch from Dan Walsh
Edits:
 - Dropping term_use_all_terms and user_ping tunables for ping and traceroute
 - Whitespace fixes
---
 policy/modules/admin/netutils.fc | 4 ++--
 policy/modules/admin/netutils.te | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc
index a2fecb470..dda1928df 100644
--- a/policy/modules/admin/netutils.fc
+++ b/policy/modules/admin/netutils.fc
@@ -1,4 +1,3 @@
-
 /bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0)
 /bin/tracepath.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
 /bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
@@ -9,6 +8,7 @@
 /usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0)
 /usr/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
+/usr/sbin/fping -- gen_context(system_u:object_r:ping_exec_t,s0)
 /usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
-/usr/sbin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0)
+/usr/sbin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0)
 /usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0)
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 1e6a6e14b..d30387642 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -44,6 +44,7 @@ allow netutils_t self:netlink_route_socket { bind create getattr nlmsg_read nlms
 allow netutils_t self:packet_socket create_socket_perms;
 allow netutils_t self:udp_socket create_socket_perms;
 allow netutils_t self:tcp_socket create_stream_socket_perms;
+allow netutils_t self:socket create_socket_perms;
 manage_dirs_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
 manage_files_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
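Review bot: The new `/usr/sbin/fping` entry in the second netutils.fc hunk matches one exact path, unlike the `/bin/ping.*` and `/usr/sbin/traceroute.*` entries around it, so a sibling binary such as an IPv6 build installed as fping6 would not be labelled ping_exec_t and would presumably miss the confinement tied to that entry point. If such variants are shipped, `/usr/sbin/fping.* -- gen_context(system_u:object_r:ping_exec_t,s0)` would cover them. A file-context change does not relabel files already on disk, so the affected paths need a relabel (for example with `restorecon`) after the policy is installed.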
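Review bot: `allow netutils_t self:socket create_socket_perms;` in the first netutils.te hunk grants the generic `socket` class, the catch-all for address families without a dedicated class, and neither the hunk nor the commit message says which utility or protocol needs it. netutils.fc labels tcpdump as netutils_exec_t, a tool that parses untrusted traffic, so each additional socket permission in this domain deserves a stated reason. A comment above the rule would be enough, for example `# <utility> opens a <address-family> socket, which has no dedicated class`, with the placeholders filled in from the AVC denial that motivated the rule.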
@@ -85,6 +86,7 @@ logging_send_syslog_msg(netutils_t)
 miscfiles_read_localization(netutils_t)
+term_dontaudit_use_console(netutils_t)
 userdom_use_user_terminals(netutils_t)
 userdom_use_all_users_fds(netutils_t)
@@ -150,6 +152,10 @@ optional_policy(`
 munin_append_log(ping_t)
 ')
+optional_policy(`
+ nagios_rw_inherited_tmp_files(ping_t)
+')
+
 optional_policy(`
 pcmcia_use_cardmgr_fds(ping_t)
 ')
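Review bot: `term_dontaudit_use_console(netutils_t)` in the second netutils.te hunk silences the audit record for console access by netutils_t, and the patch does not record why the denial is expected. Suppressed denials are easy to overlook when someone later debugs a failing tool or investigates unexpected behaviour in this domain, so a short comment helps, e.g. `# console fd is inherited from <caller>; deny without logging`. The placeholder stands for whatever starts the utility with the console open, which is not visible here. When troubleshooting, dontaudit rules can be lifted temporarily with `semodule -DB`.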
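Review bot: `nagios_rw_inherited_tmp_files(ping_t)` in the last netutils.te hunk is not mentioned in the commit message, and the diffstat lists only netutils.fc and netutils.te, so the interface must already be defined in the nagios module for the policy to build; that is worth confirming. Judging by its name, it gives ping_t both read and write on temp files handed over by nagios. If nagios only redirects ping output into such a file, write or append access alone would be the narrower grant. A one-line comment inside the block, such as `# nagios check plugins redirect ping output to a temp file`, would record the intent once it is confirmed.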