From a614e755ae9bda5478c32d0286e81cfe10120fe3 Mon Sep 17 00:00:00 2001
From: Topi Miettinen <toiwoton@gmail.com>
Date: Mon, 4 May 2020 12:43:18 +0300
Subject: [PATCH] netutils: allow ping to send and receive ICMP packets

Let ping send and receive ICMP packets when Netfilter SECMARK packet
labeling is active.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 policy/modules/admin/netutils.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 899115521..b7f7f80f2 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -113,6 +113,7 @@ allow ping_t self:netlink_route_socket create_netlink_socket_perms;
 
 corenet_all_recvfrom_unlabeled(ping_t)
 corenet_all_recvfrom_netlabel(ping_t)
+corenet_sendrecv_icmp_packets(ping_t)
 corenet_tcp_sendrecv_generic_if(ping_t)
 corenet_raw_sendrecv_generic_if(ping_t)
 corenet_raw_sendrecv_generic_node(ping_t)