xtables-multi wants to getattr of the proc fs

author Miroslav Grepl <mgrepl@redhat.com>

Tue, 19 Jul 2011 09:32:07 +0000 (09:32 +0000)

committer Miroslav Grepl <mgrepl@redhat.com>

Tue, 19 Jul 2011 09:32:07 +0000 (09:32 +0000)
author Miroslav Grepl <mgrepl@redhat.com>
Tue, 19 Jul 2011 09:32:07 +0000 (09:32 +0000)
committer Miroslav Grepl <mgrepl@redhat.com>
Tue, 19 Jul 2011 09:32:07 +0000 (09:32 +0000)
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te

index a7b2adc5b865d9759ab37bac9c94696d0a6327ec..d6a93ac30783e16b8ddf6bf0fae0c93217f0fceb 100644 (file)
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -43,6 +43,7 @@ allow iptables_t iptables_tmp_t:dir manage_dir_perms;
  allow iptables_t iptables_tmp_t:file manage_file_perms;
  files_tmp_filetrans(iptables_t, iptables_tmp_t, { file dir })
  
+kernel_getattr_proc(iptables_t)
  kernel_request_load_module(iptables_t)
  kernel_read_system_state(iptables_t)
  kernel_read_network_state(iptables_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Tue, 19 Jul 2011 09:32:07 +0000 (09:32 +0000)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Tue, 19 Jul 2011 09:32:07 +0000 (09:32 +0000)