[refpolicy] [PATCH 2/2] Support IPv6 Neighbor Discovery Protocol for dhcpcd

Sven Vermeulen sven.vermeulen at siphos.be
Tue May 7 14:37:06 EDT 2013


The dhcpcd client supports IPv6 NDP, but when trying to use it the request fails
with:

  ipv6rs: Permission denied

In the audit log, a denial is shown about dhcpc_t wanting to create a
rawip_socket. After allowing this, the client succeeds.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/system/sysnetwork.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 49c5dfe..e0e1556 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -53,6 +53,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
 allow dhcpc_t self:tcp_socket create_stream_socket_perms;
 allow dhcpc_t self:udp_socket create_socket_perms;
 allow dhcpc_t self:packet_socket create_socket_perms;
+allow dhcpc_t self:rawip_socket create_socket_perms;
 allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
 allow dhcpc_t self:unix_stream_socket { accept listen connectto };
 
-- 
1.8.1.5



More information about the refpolicy mailing list