networkmanager: v1.0.0 needs new socket permissions

author: Jason Zaman <jason@perfinion.com> 2015-01-20 22:30:07 +0800
committer: Jason Zaman <jason@perfinion.com> 2015-01-29 16:32:49 +0800
commit: d9bf60684a0ccb33aa64d3710734d21e702188b0 (patch)
tree: 0ea191a7cae1e43429e3c8517c2ccfdd411f5840
parent: networkmanager: run dispatch scripts in initrc_t domain (diff)
download: hardened-refpolicy-d9bf60684a0ccb33aa64d3710734d21e702188b0.tar.gz
hardened-refpolicy-d9bf60684a0ccb33aa64d3710734d21e702188b0.tar.bz2
hardened-refpolicy-d9bf60684a0ccb33aa64d3710734d21e702188b0.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te
index 3abaf5322..c29e7733e 100644
--- a/policy/modules/contrib/networkmanager.te
+++ b/policy/modules/contrib/networkmanager.te
@@ -372,6 +372,10 @@ ifdef(`distro_gentoo',`
 	# NetworkManager_t policy
 	#
 
+	# bug #538110
+	allow NetworkManager_t self:rawip_socket create_socket_perms;
+	allow NetworkManager_t self:unix_stream_socket connectto;
+
 	# listing /etc/NetworkManager/dispatch.d/
 	list_dirs_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
 	read_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
author	Jason Zaman <jason@perfinion.com>	2015-01-20 22:30:07 +0800
committer	Jason Zaman <jason@perfinion.com>	2015-01-29 16:32:49 +0800
commit	d9bf60684a0ccb33aa64d3710734d21e702188b0 (patch)
tree	0ea191a7cae1e43429e3c8517c2ccfdd411f5840
parent	networkmanager: run dispatch scripts in initrc_t domain (diff)
download	hardened-refpolicy-d9bf60684a0ccb33aa64d3710734d21e702188b0.tar.gz hardened-refpolicy-d9bf60684a0ccb33aa64d3710734d21e702188b0.tar.bz2 hardened-refpolicy-d9bf60684a0ccb33aa64d3710734d21e702188b0.zip