[refpolicy] [PATCH 2/2] DHCPC daemon init network interface
Dominick Grift
domg472 at gmail.com
Sun Nov 28 04:10:01 CST 2010
On Sun, Nov 28, 2010 at 02:45:59AM -0600, Chris Richards wrote:
> Signed-off-by: Chris Richards <gizmo at giz-works.com>
> ---
> policy/modules/system/sysnetwork.te | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
> index dfbe736..640334d 100644
> --- a/policy/modules/system/sysnetwork.te
> +++ b/policy/modules/system/sysnetwork.te
> @@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
> allow dhcpc_t self:tcp_socket create_stream_socket_perms;
> allow dhcpc_t self:udp_socket create_socket_perms;
> allow dhcpc_t self:packet_socket create_socket_perms;
> -allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
> +allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
i am not sure but i suspect we may be able to use create_netlink_socket_perms here
>
> allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
> read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
> @@ -81,7 +81,7 @@ domtrans_pattern(dhcpc_t, ifconfig_exec_t, ifconfig_t)
>
> kernel_read_system_state(dhcpc_t)
> kernel_read_network_state(dhcpc_t)
> -kernel_search_network_sysctl(dhcpc_t)
> +kernel_rw_net_sysctls(dhcpc_t)
> kernel_read_kernel_sysctls(dhcpc_t)
> kernel_request_load_module(dhcpc_t)
> kernel_use_fds(dhcpc_t)
> --
> 1.7.3.2
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
More information about the refpolicy
mailing list