From 06a80c3d8a5fa8d0f581463d6db5e61fb1ed964a Mon Sep 17 00:00:00 2001
From: Kenton Groombridge <concord@gentoo.org>
Date: Thu, 27 Jun 2024 13:18:45 -0400
Subject: [PATCH] netutils: allow ping to read net sysctls

ping will check whether IPv6 is disabled.

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
---
 policy/modules/admin/netutils.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 815e4c120..807ac0f8b 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -131,6 +131,7 @@ domain_use_interactive_fds(ping_t)
 
 files_read_etc_files(ping_t)
 
+kernel_read_net_sysctls(ping_t)
 kernel_read_system_state(ping_t)
 
 auth_use_nsswitch(ping_t)