Shorewall patch from Dan Walsh.

policy/modules/admin/shorewall.fc

@@ -4,8 +4,9 @@
 /etc/shorewall(/.*)?				gen_context(system_u:object_r:shorewall_etc_t,s0)
 /etc/shorewall-lite(/.*)?			gen_context(system_u:object_r:shorewall_etc_t,s0)
 
-/sbin/shorewall				--	gen_context(system_u:object_r:shorewall_exec_t,s0)
+/sbin/shorewall6?			--	gen_context(system_u:object_r:shorewall_exec_t,s0)
 /sbin/shorewall-lite			--	gen_context(system_u:object_r:shorewall_exec_t,s0)
 
 /var/lib/shorewall(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
+/var/lib/shorewall6(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
 /var/lib/shorewall-lite(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)

policy/modules/admin/shorewall.if

@@ -75,6 +75,46 @@ interface(`shorewall_rw_pid_files',`
 	rw_files_pattern($1, shorewall_var_run_t, shorewall_var_run_t)
 ')
 
+######################################
+## <summary>
+##      Read shorewall /var/lib files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`shorewall_read_lib_files',`
+        gen_require(`
+                type shorewall_t;
+       ')
+
+        files_search_var_lib($1)
+        search_dirs_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
+        read_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
+')
+
+#######################################
+## <summary>
+##      Read and write shorewall /var/lib files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`shorewall_rw_lib_files',`
+        gen_require(`
+                type shorewall_t;
+       ')
+
+        files_search_var_lib($1)
+        search_dirs_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
+        rw_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
+')
+
 #######################################
 ## <summary>
 ##	All of the rules required to administrate 

policy/modules/admin/shorewall.te

@@ -1,5 +1,5 @@
 
-policy_module(shorewall, 1.0.0)
+policy_module(shorewall, 1.0.1)
 
 ########################################
 #
@@ -80,6 +80,8 @@ miscfiles_read_localization(shorewall_t)
 
 sysnet_domtrans_ifconfig(shorewall_t)
 
+userdom_dontaudit_list_user_home_dirs(shorewall_t)
+
 optional_policy(`
 	iptables_domtrans(shorewall_t)
 ')