[refpolicy] Fwd: Re: [PATCH 2/2] DHCPC daemon init network interface, try 2

Chris Richards gizmo at giz-works.com
Tue Dec 21 12:16:08 CST 2010


On 12/20/2010 04:31 PM, Dominick Grift wrote:

>  On 12/20/2010 11:29 PM, gizmo at giz-works.com wrote:
>>  From: Chris Richards<gizmo at giz-works.com>
>>
>>  Allow dhcpcd DHCP Client daemon to start.  Add interface to allow
>>  hostname daemon to talk to dhcpcd.
>>
>>  Signed-off-by: Chris Richards<gizmo at giz-works.com>
>>  ---
>>    policy/modules/system/sysnetwork.te |    4 ++--
>>    1 files changed, 2 insertions(+), 2 deletions(-)
>>
>>  diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
>>  index dfbe736..e0838f8 100644
>>  --- a/policy/modules/system/sysnetwork.te
>>  +++ b/policy/modules/system/sysnetwork.te
>>  @@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
>>    allow dhcpc_t self:tcp_socket create_stream_socket_perms;
>>    allow dhcpc_t self:udp_socket create_socket_perms;
>>    allow dhcpc_t self:packet_socket create_socket_perms;
>>  -allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
>  I might be wrong but are you sure that "r_netlink_socket_perms" is not
>  enough?
>
Yep, that was essentially what it had to start with, and nlmsg_write is
necessary or some internal communication doesn't work correctly and the
client never gets the DHCP address.  Don't really know why, as it seems
rather counter-intuitive to me.

>>  +allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
>>
>>    allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
>>    read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
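Review bot: The netlink_route_socket rule on the + line swaps an explicit permission set for the create_netlink_socket_perms macro without saying which extra permission dhcpcd needs. The reply above names nlmsg_write as the one that was missing, so consider writing the rule as { create_socket_perms nlmsg_read nlmsg_write } if the macro grants anything beyond that, and record in the commit message that the client never obtains a lease without nlmsg_write, so the reason for the write access is visible to the next reader of sysnetwork.te.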
>>  @@ -81,7 +81,7 @@ domtrans_pattern(dhcpc_t, ifconfig_exec_t, ifconfig_t)
>>
>>    kernel_read_system_state(dhcpc_t)
>>    kernel_read_network_state(dhcpc_t)
>>  -kernel_search_network_sysctl(dhcpc_t)
>>  +kernel_rw_network_sysctls(dhcpc_t)
>>    kernel_read_kernel_sysctls(dhcpc_t)
>>    kernel_request_load_module(dhcpc_t)
>>    kernel_use_fds(dhcpc_t)
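Review bot: Replacing kernel_search_network_sysctl with kernel_rw_network_sysctls goes from search straight to read-write on the network sysctls, and nothing in the commit message says which sysctl dhcpcd writes. Please state the denial or the sysctl that required write access, and if only reads were denied, use a read-only interface instead. Separately, the commit message says an interface is added for the hostname daemon, but the diffstat shows only sysnetwork.te with 2 insertions and 2 deletions, so that sentence should either be dropped from this patch or the missing change included.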