[refpolicy] [PATCH 2/2] DHCPC daemon init network interface, try 2

Daniel J Walsh dwalsh at redhat.com
Tue Dec 21 07:47:54 CST 2010


On 12/20/2010 05:31 PM, Dominick Grift wrote:
> On 12/20/2010 11:29 PM, gizmo at giz-works.com wrote:
>> From: Chris Richards <gizmo at giz-works.com>
> 
>> Allow dhcpcd DHCP Client daemon to start.  Add interface to allow
>> hostname daemon to talk to dhcpcd.
> 
>> Signed-off-by: Chris Richards <gizmo at giz-works.com>
>> ---
>>  policy/modules/system/sysnetwork.te |    4 ++--
>>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
>> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
>> index dfbe736..e0838f8 100644
>> --- a/policy/modules/system/sysnetwork.te
>> +++ b/policy/modules/system/sysnetwork.te
>> @@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
>>  allow dhcpc_t self:tcp_socket create_stream_socket_perms;
>>  allow dhcpc_t self:udp_socket create_socket_perms;
>>  allow dhcpc_t self:packet_socket create_socket_perms;
>> -allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
> 
> I might be wrong, but are you sure that "r_netlink_socket_perms" is not
> enough?
> 
>> +allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
> 
This would allow it to modify the routing table, which might make sense
for dhcp clients.
>>  allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
>>  read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
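
Review bot: The `+allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;` line widens the route-socket grant beyond the `nlmsg_read` it replaces, and as the reply above notes this lets dhcpc_t modify the routing table, yet the commit message gives no denial or reason for it. Quote the AVC denial that prompted the change in the description, and keep the grant read-only (the `r_netlink_socket_perms` question above) unless that denial shows a write on the route socket.
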
>> @@ -81,7 +81,7 @@ domtrans_pattern(dhcpc_t, ifconfig_exec_t, ifconfig_t)
> 
>>  kernel_read_system_state(dhcpc_t)
>>  kernel_read_network_state(dhcpc_t)
>> -kernel_search_network_sysctl(dhcpc_t)
>> +kernel_rw_network_sysctls(dhcpc_t)
>>  kernel_read_kernel_sysctls(dhcpc_t)
>>  kernel_request_load_module(dhcpc_t)
>>  kernel_use_fds(dhcpc_t)
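
Review bot: `kernel_rw_network_sysctls(dhcpc_t)` moves dhcpc_t from search access to read/write access on network sysctls, and the commit message does not say which sysctl dhcpcd has to write. Name the sysctl and the denial in the description, use a read-only interface if reading is all that is needed, and check the new name against the kernel module's interfaces, since the removed line uses the singular `_sysctl` form. The description also mentions adding an interface for the hostname daemon, but the diffstat shows only two changed lines in sysnetwork.te and no interface definition, so the message should be trimmed to match what this patch contains.
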
> 