From dc7cc4d5c185e4bc41197acdafa8d12351ee5237 Mon Sep 17 00:00:00 2001
From: Jeremy Solt
Date: Sep 15 2010 13:14:55 +0000
Subject: snort patch from Dan Walsh
---
diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te
index bf59f60..814a47a 100644
--- a/policy/modules/services/snort.te
+++ b/policy/modules/services/snort.te
@@ -61,6 +61,7 @@ kernel_list_proc(snort_t)
 kernel_read_proc_symlinks(snort_t)
 kernel_request_load_module(snort_t)
 kernel_dontaudit_read_system_state(snort_t)
+kernel_read_network_state(snort_t)
 
 corenet_all_recvfrom_unlabeled(snort_t)
 corenet_all_recvfrom_netlabel(snort_t)
@@ -77,6 +78,7 @@ corenet_tcp_connect_prelude_port(snort_t)
 dev_read_sysfs(snort_t)
 dev_read_rand(snort_t)
 dev_read_urand(snort_t)
+dev_read_usbmon_dev(snort_t)
 # Red Hat bug 559861: Snort wants read, write, and ioctl on /dev/usbmon
 # Snort uses libpcap, which can also monitor USB traffic. Maybe this is a side effect?
 dev_rw_generic_usb_dev(snort_t)
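Review bot: The added `kernel_read_network_state(snort_t)` in the kernel_* block has no comment or bug reference, and the commit subject does not say which denial it resolves. snort_t is a domain that parses untrusted traffic, so each new read grant should be traceable to an observed need. I would put a line above it such as `# <bug or AVC reference>: snort reads network state under /proc`, with the real reference filled in. The rule list continues outside the hunk, so the grant may already be justified elsewhere in the file.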
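Review bot: The new `dev_read_usbmon_dev(snort_t)` is inserted above the existing "Red Hat bug 559861" comment, so that comment now reads as if it explains only `dev_rw_generic_usb_dev(snort_t)`. Moving the new rule below the two comment lines, directly before `dev_rw_generic_usb_dev(snort_t)`, keeps the justification attached to both grants. The comment itself questions whether the USB access is intended. Now that a dedicated usbmon read interface is granted, it is worth confirming whether the broader read/write grant on generic USB devices is still required. If it is not, dropping it would narrow what snort_t can reach.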