From a547df577b2616a396dfb43b0c1ac1773ef54b70 Mon Sep 17 00:00:00 2001
From: Stuart D. Gathman
Date: Jun 24 2016 15:02:13 +0000
Subject: Merge branch 'master' into f23
---
diff --git a/cjdns.selinux.patch b/cjdns.selinux.patch
index 825af31..34680df 100644
--- a/cjdns.selinux.patch
+++ b/cjdns.selinux.patch
@@ -11,7 +11,7 @@ diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
 }
 type cjdns_t;
-@@ -18,12 +18,13 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
+@@ -18,23 +18,23 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
 #============= cjdns_t ==============
 # Let master process run further restricted subprocess
 allow cjdns_t cjdns_exec_t:file { execute_no_trans execmod };
@@ -27,8 +27,9 @@ diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
 # allow network access
 allow cjdns_t node_t:udp_socket node_bind;
 allow cjdns_t port_t:udp_socket name_bind;
-@@ -31,10 +32,9 @@ allow cjdns_t unreserved_port_t:udp_sock
- allow cjdns_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
+ allow cjdns_t unreserved_port_t:udp_socket name_bind;
+-allow cjdns_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
++allow cjdns_t self:netlink_route_socket { bind create getattr nlmsg_read read write nlmsg_write };
 allow cjdns_t self:packet_socket { bind create ioctl read write };
 allow cjdns_t self:tun_socket create;
 -allow cjdns_t self:udp_socket { create setopt bind ioctl getattr read write };
diff --git a/cjdns.spec b/cjdns.spec
index 0773a9a..b9d827b 100644
--- a/cjdns.spec
+++ b/cjdns.spec
@@ -39,7 +39,7 @@
 Name: cjdns
 # major version is cjdns protocol version:
 Version: 17.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: The privacy-friendly network without borders
 Group: System Environment/Base
 # cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
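Review bot: In cjdns.selinux.patch, the second hunk adds `nlmsg_write` to `allow cjdns_t self:netlink_route_socket` with no comment, and the grant is wider than the changelog's "manipulate route table" suggests. SELinux checks that single permission for every state-changing rtnetlink request (addresses, links and rules as well as routes), so a rule of this form cannot limit cjdroute to route updates. I would record the reason on the rule, e.g. `# nlmsg_write: cjdroute sets the address and routes for its tun device over rtnetlink`, assuming that is the denial this change answers; since the file is itself a patch, the inner `@@ -18,23 +18,23 @@` counts must be adjusted for the extra line. The kernel also requires CAP_NET_ADMIN for these requests, so the domain's `capability` rule, which lies outside this hunk, should be reviewed together with this line.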
@@ -467,6 +467,9 @@ fi
 %{_bindir}/graphStats
 %changelog
+* Thu Jun 23 2016 Stuart D. Gathman 17.4-4
+- cjdns-selinux: allow cjdroute to manipulate route table
+
 * Thu Jun 23 2016 Stuart D. Gathman 17.4-3
 - Remove cjdns-resume.service patch, incorporated upstream
 - Add --interface option to cjdns-online.sh