From f85544209a9ff20bc3b68e6c56c85c2d0c631a5e Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Sun, 23 Oct 2005 22:46:06 +0000
Subject: [PATCH] nwmgr fixes

---
 refpolicy/policy/modules/kernel/corenetwork.if.in   | 2 +-
 refpolicy/policy/modules/services/networkmanager.te | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index eb8dbb43..38c90f91 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -1003,7 +1003,7 @@ interface(`corenet_use_tun_tap_device',`
 	')
 
 	dev_list_all_dev_nodes($1)
-	allow $1 tun_tap_device_t:chr_file { read write ioctl };
+	allow $1 tun_tap_device_t:chr_file { getattr read write ioctl  lock append };
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index e4d64c38..2be3b08b 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -20,7 +20,7 @@ files_pid_file(NetworkManager_var_run_t)
 
 allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock};
 dontaudit NetworkManager_t self:capability sys_tty_config;
-allow NetworkManager_t self:process { setcap getsched };
+allow NetworkManager_t self:process { setcap getsched signal_perms };
 allow NetworkManager_t self:fifo_file rw_file_perms;
 allow NetworkManager_t self:unix_dgram_socket create_socket_perms;
 allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;