From 72256f08960bd2a7e7c51b5206f290c8ac48e857 Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Mon, 5 Sep 2005 22:37:58 +0000
Subject: [PATCH] Added additional permissions, synced with FC3 policy 1.17.30-3.16
---
 selinux/shibshar.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/selinux/shibshar.te b/selinux/shibshar.te
index 9227f30..321da2e 100644
--- a/selinux/shibshar.te
+++ b/selinux/shibshar.te
@@ -12,6 +12,7 @@ can_exec(shibshar_t, shibshar_exec_t)
 uses_shlib(shibshar_t)
 can_network(shibshar_t)
 can_tcp_connect(shibshar_t, unconfined_t)
+allow shibshar_t port_type:tcp_socket name_connect;
 allow shibshar_t etc_t:file r_file_perms;
 allow shibshar_t bin_t:dir r_dir_perms;
 allow shibshar_t bin_t:file rx_file_perms;
@@ -24,7 +25,7 @@ allow shibshar_t shibshar_t:netlink_route_socket { create bind getattr};
 allow shibshar_t usr_t:dir r_dir_perms;
 allow shibshar_t usr_t:file rx_file_perms;
-allow shibshar_t urandom_device_t:chr_file { getattr read };
+allow shibshar_t urandom_device_t:chr_file { getattr ioctl read };
 # Enable HTTPD to connect to the shib-shar socket and read/write to it
 can_unix_connect(httpd_t, shibshar_var_run_t)
-- 
2.1.4
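Review bot: The added `allow shibshar_t port_type:tcp_socket name_connect;` in the `@@ -12,6 +12,7 @@` hunk lets the domain connect out to every TCP port type, because `port_type` is the attribute that covers all port types, so this rule gives no port-level confinement. If the daemon only has to reach a known set of services, name those types instead, for example `allow shibshar_t http_port_t:tcp_socket name_connect;` (assuming the synced FC3 policy defines that type). Keep the attribute-wide rule only if the destinations really are arbitrary, and in that case put a one-line comment above it saying so, e.g. `# outbound TCP to remote endpoints; destination ports vary per deployment`, if that is the reason.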
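Review bot: The `ioctl` added to `urandom_device_t:chr_file` in the `@@ -24,7 +25,7 @@` hunk has no comment saying which caller needs it, and the permission as written is not limited to any particular ioctl command. If the denial being fixed comes only from a library probing the descriptor (glibc's stdio issues an isatty-style ioctl on character devices; this is a guess, since the AVC message is not shown), then `dontaudit shibshar_t urandom_device_t:chr_file ioctl;` would quiet the log without granting the access. If the access really is required, keep the rule and add a comment above it such as `# ioctl needed by <caller> when reading /dev/urandom`.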