Merge pull request #454 from jpds/rwnetlinksocketperms-typo

obj_perm_sets.spt: Fixed typo in rw_netlink_socket_perms.

policy/modules/admin/portage.te

@@ -156,7 +156,7 @@ allow portage_t self:process { setfscreate };
 # - kill for mysql merging, at least
 allow portage_t self:capability { kill setfcap sys_nice };
 dontaudit portage_t self:capability { dac_read_search };
-dontaudit portage_t self:netlink_route_socket rw_netlink_socket_perms;
+dontaudit portage_t self:netlink_route_socket create_netlink_socket_perms;
 
 # user post-sync scripts
 can_exec(portage_t, portage_conf_t)
@@ -342,7 +342,7 @@ optional_policy(`
 #
 
 allow portage_sandbox_t self:process ptrace;
-dontaudit portage_sandbox_t self:netlink_route_socket rw_netlink_socket_perms;
+dontaudit portage_sandbox_t self:netlink_route_socket create_netlink_socket_perms;
 
 allow portage_sandbox_t portage_log_t:file { create_file_perms delete_file_perms setattr_file_perms append_file_perms };
 logging_log_filetrans(portage_sandbox_t, portage_log_t, file)

policy/modules/admin/vpn.te

@@ -27,7 +27,7 @@ files_tmp_file(vpnc_tmp_t)
 allow vpnc_t self:capability { dac_override dac_read_search ipc_lock net_admin net_raw setuid };
 allow vpnc_t self:process { getsched signal };
 allow vpnc_t self:fifo_file rw_fifo_file_perms;
-allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
+allow vpnc_t self:netlink_route_socket create_netlink_socket_perms;
 allow vpnc_t self:tcp_socket { accept listen };
 allow vpnc_t self:rawip_socket create_socket_perms;
 allow vpnc_t self:tun_socket { create_socket_perms relabelfrom };

policy/modules/services/iodine.te

@@ -24,7 +24,7 @@ allow iodined_t self:capability { net_admin net_raw setgid setuid sys_chroot };
 allow iodined_t self:rawip_socket create_socket_perms;
 allow iodined_t self:tun_socket create_socket_perms;
 allow iodined_t self:udp_socket connected_socket_perms;
-allow iodined_t self:netlink_route_socket rw_netlink_socket_perms;
+allow iodined_t self:netlink_route_socket create_netlink_socket_perms;
 
 manage_dirs_pattern(iodined_t, iodined_runtime_t, iodined_runtime_t)
 manage_files_pattern(iodined_t, iodined_runtime_t, iodined_runtime_t)

policy/modules/services/likewise.te

@@ -99,7 +99,7 @@ corenet_tcp_connect_epmap_port(eventlogd_t)
 
 allow lsassd_t self:capability { chown dac_override fowner fsetid sys_time };
 allow lsassd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow lsassd_t self:netlink_route_socket rw_netlink_socket_perms;
+allow lsassd_t self:netlink_route_socket create_netlink_socket_perms;
 
 allow lsassd_t likewise_krb5_ad_t:file read_file_perms;
 allow lsassd_t netlogond_var_lib_t:file read_file_perms;
@@ -160,7 +160,7 @@ optional_policy(`
 
 allow lwiod_t self:capability { chown dac_override fowner fsetid sys_resource };
 allow lwiod_t self:process setrlimit;
-allow lwiod_t self:netlink_route_socket rw_netlink_socket_perms;
+allow lwiod_t self:netlink_route_socket create_netlink_socket_perms;
 
 allow lwiod_t { likewise_krb5_ad_t netlogond_var_lib_t }:file read_file_perms;
 

policy/modules/services/zebra.te

@@ -42,7 +42,7 @@ dontaudit zebra_t self:capability sys_tty_config;
 allow zebra_t self:process { signal_perms getcap setcap };
 allow zebra_t self:fifo_file rw_fifo_file_perms;
 allow zebra_t self:unix_stream_socket { accept connectto listen };
-allow zebra_t self:netlink_route_socket rw_netlink_socket_perms;
+allow zebra_t self:netlink_route_socket create_netlink_socket_perms;
 allow zebra_t self:tcp_socket { connect connected_stream_socket_perms };
 allow zebra_t self:udp_socket create_socket_perms;
 allow zebra_t self:rawip_socket create_socket_perms;

policy/modules/system/ipsec.te

@@ -88,7 +88,7 @@ allow ipsec_t self:udp_socket create_socket_perms;
 allow ipsec_t self:key_socket create_socket_perms;
 allow ipsec_t self:fifo_file rw_fifo_file_perms;
 allow ipsec_t self:netlink_xfrm_socket create_netlink_socket_perms;
-allow ipsec_t self:netlink_route_socket rw_netlink_socket_perms;
+allow ipsec_t self:netlink_route_socket create_netlink_socket_perms;
 
 allow ipsec_t ipsec_initrc_exec_t:file read_file_perms;
 
@@ -462,7 +462,7 @@ userdom_use_user_terminals(setkey_t)
 allow ipsec_supervisor_t self:capability { dac_override dac_read_search kill net_admin };
 allow ipsec_supervisor_t self:process { signal signull };
 allow ipsec_supervisor_t self:fifo_file rw_fifo_file_perms;
-allow ipsec_supervisor_t self:netlink_route_socket rw_netlink_socket_perms;
+allow ipsec_supervisor_t self:netlink_route_socket create_netlink_socket_perms;
 allow ipsec_supervisor_t self:netlink_xfrm_socket create_netlink_socket_perms;
 
 allow ipsec_supervisor_t ipsec_conf_file_t:dir list_dir_perms;

policy/support/obj_perm_sets.spt

@@ -100,7 +100,7 @@ define(`create_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_wr
 #
 # Permissions for using netlink sockets for operations that modify state.
 #
-define(`rw_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
+define(`rw_netlink_socket_perms', `{ rw_socket_perms nlmsg_read nlmsg_write }')
 
 #
 # Permissions for using netlink sockets for operations that observe state.