Iptables patch from Dan Walsh.

policy/modules/admin/shorewall.if

@@ -107,7 +107,7 @@ interface(`shorewall_read_lib_files',`
 #
 interface(`shorewall_rw_lib_files',`
         gen_require(`
-                type shorewall_t;
+                type shorewall_var_lib_t;
        ')
 
         files_search_var_lib($1)

policy/modules/system/iptables.te

@@ -1,5 +1,5 @@
 
-policy_module(iptables, 1.10.1)
+policy_module(iptables, 1.10.2)
 
 ########################################
 #
@@ -30,6 +30,7 @@ files_pid_file(iptables_var_run_t)
 
 allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw };
 dontaudit iptables_t self:capability sys_tty_config;
+allow iptables_t self:fifo_file rw_fifo_file_perms;
 allow iptables_t self:process { sigchld sigkill sigstop signull signal };
 allow iptables_t self:rawip_socket create_socket_perms;
 
@@ -53,6 +54,7 @@ kernel_read_modprobe_sysctls(iptables_t)
 kernel_use_fds(iptables_t)
 
 corenet_relabelto_all_packets(iptables_t)
+corenet_dontaudit_rw_tun_tap_dev(iptables_t)
 
 dev_read_sysfs(iptables_t)
 
@@ -121,6 +123,10 @@ optional_policy(`
 	seutil_sigchld_newrole(iptables_t)
 ')
 
+optional_policy(`
+	shorewall_rw_lib_files(iptables_t)
+')
+
 optional_policy(`
 	udev_read_db(iptables_t)
 ')