From f6b9a5c579fffae1c9c9598031964b76457416aa Mon Sep 17 00:00:00 2001
From: Russell Coker
Date: Tue, 23 Sep 2025 13:50:35 +1000
Subject: [PATCH] Some small changes for wireshark
Signed-off-by: Russell Coker
---
 policy/modules/apps/wireshark.te | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
index 1c4204e2bf..b7870537db 100644
--- a/policy/modules/apps/wireshark.te
+++ b/policy/modules/apps/wireshark.te
@@ -31,10 +31,11 @@ optional_policy(`
 #
 allow wireshark_t self:capability { net_admin net_raw setgid };
-allow wireshark_t self:process { getsched signal };
+allow wireshark_t self:process { execmem setsched getsched signal };
 allow wireshark_t self:fifo_file rw_fifo_file_perms;
 allow wireshark_t self:shm create_shm_perms;
 allow wireshark_t self:packet_socket create_socket_perms;
+allow wireshark_t self:netlink_generic_socket connected_socket_perms;
 manage_dirs_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
 manage_files_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
@@ -54,7 +55,9 @@ fs_tmpfs_filetrans(wireshark_t, wireshark_tmpfs_t, { dir file lnk_file sock_file
 can_exec(wireshark_t, wireshark_exec_t)
+kernel_read_crypto_sysctls(wireshark_t)
 kernel_read_kernel_sysctls(wireshark_t)
+kernel_read_network_state(wireshark_t)
 kernel_read_system_state(wireshark_t)
 kernel_read_sysctl(wireshark_t)
@@ -74,6 +77,7 @@ corenet_tcp_connect_generic_port(wireshark_t)
 dev_read_rand(wireshark_t)
 dev_read_sysfs(wireshark_t)
 dev_read_urand(wireshark_t)
+dev_rw_dri(wireshark_t)
 files_map_usr_files(wireshark_t)
 files_read_usr_files(wireshark_t)
@@ -84,6 +88,7 @@ fs_search_auto_mountpoints(wireshark_t)
 auth_use_nsswitch(wireshark_t)
+libs_exec_lib_files(wireshark_t)
 libs_read_lib_files(wireshark_t)
 miscfiles_read_fonts(wireshark_t)
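Review bot: `execmem` is granted unconditionally in the new `self:process` rule, which lets wireshark_t create memory that is both writable and executable. The same domain holds `net_admin` and `net_raw` and parses untrusted capture data, so dropping that W^X barrier weakens containment of a memory-corruption bug in a dissector. The commit message gives no reason for the grant; if it is only needed by the GUI toolkit or a software renderer (an inference, the patch does not say), it would be safer behind a tunable that defaults to off, or at least recorded with a comment such as `# execmem: required by <component>, see <AVC denial reference>`. The same missing rationale applies to `setsched` on this line and to `libs_exec_lib_files(wireshark_t)` in the `@@ -84,6 +88,7 @@` hunk.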
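Review bot: `dev_rw_dri(wireshark_t)` is added to the unconditional device block, so the domain gets read/write access to the DRI device nodes even on systems where the X-related rules are compiled out. It appears to belong with `xserver_rw_mesa_shader_cache(wireshark_t)`, which the last hunk adds inside the `xserver` optional block. Moving it there, with a comment like `# direct rendering for the GUI`, would keep the graphics grants together and make the extra kernel-driver exposure of a packet-parsing domain easier to audit.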
@@ -115,10 +120,15 @@ optional_policy(`
 ')
 optional_policy(`
+ xdg_manage_cache(wireshark_t)
+ # gives warnings if it can not write its own config
+ xdg_manage_config(wireshark_t)
+ xdg_read_data_files(wireshark_t)
  xdg_read_downloads(wireshark_t)
 ')
 optional_policy(`
  xserver_user_x_domain_template(wireshark, wireshark_t, wireshark_tmpfs_t)
  xserver_create_xdm_tmp_sockets(wireshark_t)
+ xserver_rw_mesa_shader_cache(wireshark_t)
 ')
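Review bot: `xdg_manage_config(wireshark_t)` and `xdg_manage_cache(wireshark_t)` grant create, write and delete access to everything carrying the generic XDG config and cache types, although the added comment says the need is only for Wireshark to write its own config. A compromised wireshark_t could then alter other applications' settings under the user's config directory. The policy already manages a private `wireshark_home_t` type (see the first hunk), so a named type transition, something like `xdg_config_filetrans(wireshark_t, wireshark_home_t, dir, "wireshark")`, would silence the warning while confining writes to Wireshark's own tree. The directory name here is an assumption and should be checked against what the application actually creates.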