Merge pull request #147 from bauen1/netutils-mtr-fix

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
This commit is contained in:
Chris PeBenito 2020-01-08 13:56:45 -05:00
commit 6b2d9e4e10
2 changed files with 4 additions and 0 deletions

View File

@ -4,6 +4,7 @@
/usr/bin/iptstate -- gen_context(system_u:object_r:netutils_exec_t,s0)
/usr/bin/lft -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/mtr -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/mtr-packet -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0)
/usr/bin/send_arp -- gen_context(system_u:object_r:ping_exec_t,s0)

View File

@ -165,11 +165,14 @@ optional_policy(`
#
allow traceroute_t self:capability { net_admin net_raw setgid setuid };
allow traceroute_t self:fifo_file rw_inherited_fifo_file_perms;
allow traceroute_t self:process signal;
allow traceroute_t self:rawip_socket create_socket_perms;
allow traceroute_t self:packet_socket create_socket_perms;
allow traceroute_t self:udp_socket create_socket_perms;
can_exec(traceroute_t, traceroute_exec_t)
kernel_read_system_state(traceroute_t)
kernel_read_network_state(traceroute_t)