From d6dabfb56eaef3510fd1d07bf880836c126ddf91 Mon Sep 17 00:00:00 2001
From: bauen1
Date: Thu, 26 Dec 2019 16:22:13 +0100
Subject: [PATCH] netutils: allow mtr to communicate with mtr-packet
---
 policy/modules/admin/netutils.fc | 1 +
 policy/modules/admin/netutils.te | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc
index 54c0793f7..13bd901ce 100644
--- a/policy/modules/admin/netutils.fc
+++ b/policy/modules/admin/netutils.fc
@@ -4,6 +4,7 @@
 /usr/bin/iptstate -- gen_context(system_u:object_r:netutils_exec_t,s0)
 /usr/bin/lft -- gen_context(system_u:object_r:traceroute_exec_t,s0)
 /usr/bin/mtr -- gen_context(system_u:object_r:traceroute_exec_t,s0)
+/usr/bin/mtr-packet -- gen_context(system_u:object_r:traceroute_exec_t,s0)
 /usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0)
 /usr/bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0)
 /usr/bin/send_arp -- gen_context(system_u:object_r:ping_exec_t,s0)
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 46560a093..223611904 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -165,11 +165,14 @@ optional_policy(`
 #
 allow traceroute_t self:capability { net_admin net_raw setgid setuid };
+allow traceroute_t self:fifo_file rw_inherited_fifo_file_perms;
 allow traceroute_t self:process signal;
 allow traceroute_t self:rawip_socket create_socket_perms;
 allow traceroute_t self:packet_socket create_socket_perms;
 allow traceroute_t self:udp_socket create_socket_perms;
+can_exec(traceroute_t, traceroute_exec_t)
+
 kernel_read_system_state(traceroute_t)
 kernel_read_network_state(traceroute_t)
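Review bot: The new file-context entry labels only `/usr/bin/mtr-packet`, so a helper installed at any other path would keep a generic label and fall outside the `can_exec(traceroute_t, traceroute_exec_t)` rule this patch adds in netutils.te. If netutils.fc carries mtr entries under other directories, each should get a matching mtr-packet line, for example `/usr/sbin/mtr-packet -- gen_context(system_u:object_r:traceroute_exec_t,s0)` (illustrative path, to be confirmed against the distributions supported). The file continues outside the hunk, so whether such entries exist cannot be seen here.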
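Review bot: `can_exec(traceroute_t, traceroute_exec_t)` grants more than the subject line describes, because the type is shared. The netutils.fc hunk shows lft, mtr and nmap all labelled traceroute_exec_t, so each of them becomes executable from traceroute_t without a transition, in a domain that holds `net_admin net_raw setgid setuid`. If only mtr running mtr-packet is intended, a dedicated exec type for mtr-packet would keep the rule to that one binary. At minimum, the two new rules should carry a comment such as `# mtr executes mtr-packet and talks to it over inherited pipes`, so the reason for the self-exec and the `self:fifo_file` rule is recorded. The traceroute local policy block starts and ends outside this hunk.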