From 6293baeacc91d315427eab48b3468062ed5d4573 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 23 May 2006 19:07:22 +0000
Subject: [PATCH] allow iptables to relabelto all packets

---
 refpolicy/policy/modules/kernel/corenetwork.if.m4 | 6 +++---
 refpolicy/policy/modules/system/iptables.te | 2 ++
 refpolicy/policy/modules/system/sysnetwork.te | 1 -
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.m4 b/refpolicy/policy/modules/kernel/corenetwork.if.m4
index a5612bd5d..04758324c 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.m4
@@ -466,7 +466,7 @@ define(`create_packet_interfaces',``
 #
 interface(`corenet_send_$1_packets',`
 gen_require(`
- type $1_t;
+ type $1_packet_t;
 ')
 
 allow dollarsone $1_packet_t:packet send;
@@ -485,7 +485,7 @@ interface(`corenet_send_$1_packets',`
 #
 interface(`corenet_receive_$1_packets',`
 gen_require(`
- type $1_t;
+ type $1_packet_t;
 ')
 
 allow dollarsone $1_packet_t:packet recv;
@@ -519,7 +519,7 @@ interface(`corenet_sendrecv_$1_packets',`
 #
 interface(`corenet_relabelto_$1_packets',`
 gen_require(`
- type $1_t;
+ type $1_packet_t;
 ')
 
 allow dollarsone $1_packet_t:packet relabelto;
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index 5098c76bb..4e124968c 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -43,6 +43,8 @@ kernel_read_kernel_sysctls(iptables_t)
 kernel_read_modprobe_sysctls(iptables_t)
 kernel_use_fds(iptables_t)
 
+corenet_relabelto_all_packets(iptables_t)
+
 dev_read_sysfs(iptables_t)
 
 fs_getattr_xattr_fs(iptables_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 3391137e4..5a0ba14c3 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
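Review bot: The `gen_require` fix in the `corenet_send_$1_packets` hunk (and identically in the `corenet_receive_$1_packets` and `corenet_relabelto_$1_packets` hunks) corrects the required type from `$1_t` to `$1_packet_t`, but the fourth interface generated by the same `create_packet_interfaces` template, `corenet_sendrecv_$1_packets`, sits between the second and third hunks and is not touched; if its `gen_require` carries the same `$1_t` it will still fail to link for packet types whose base `$1_t` does not exist, so that block should be checked before merging. The `define(`create_packet_interfaces'` body starts before the first hunk and ends after the last one, so the remaining template contents are outside this view. A one-line comment on the template header such as `# each generated interface requires $1_packet_t, not $1_t` would help keep the four interfaces consistent the next time one is added.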
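Review bot: `corenet_relabelto_all_packets(iptables_t)` is added in iptables.te with no comment explaining what `packet relabelto` is for or why every packet type is needed, which is the kind of broad grant a later audit will question. The `relabelto` permission on the `packet` class is what the kernel checks when iptables assigns a security mark (SECMARK) to traffic, so iptables_t must be able to relabel to whichever packet types the loaded rules name, and a blanket grant is the only workable form; a short justification such as `# setting SECMARK labels on packets requires relabelto to each target packet type` above the call would record that. The interface itself is not part of this diff, so whether it is defined over a packet attribute or enumerated per type is not visible here and should be confirmed against corenetwork.if.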
@@ -153,7 +153,6 @@ ifdef(`distro_redhat', `
 ifdef(`targeted_policy', `
 term_dontaudit_use_unallocated_ttys(dhcpc_t)
 term_dontaudit_use_generic_ptys(dhcpc_t)
- files_dontaudit_read_root_files(dhcpc_t)
 ')