[refpolicy] [PATCH 1/3] Label /sbin/iw as ifconfig_exec_t
Nicolas Iooss
nicolas.iooss at m4x.org
Sat Oct 18 13:30:20 UTC 2014
iw manpage says "iw - show / manipulate wireless devices and their
configuration". Label this command ifconfig_exec_t to allow it to
manage wireless communication devices.
Debian installs iw in /sbin/iw, Fedora in /usr/sbin/iw and Arch Linux in
/usr/bin/iw (with /usr/sbin being a symlink to /usr/bin).
---
policy/modules/system/sysnetwork.fc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
index fa7a406acf80..fbb935c608fe 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -48,6 +48,7 @@ ifdef(`distro_redhat',`
/sbin/ipx_configure -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ipx_interface -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ipx_internal_net -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
+/sbin/iw -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/sbin/iwconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/sbin/mii-tool -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/sbin/pump -- gen_context(system_u:object_r:dhcpc_exec_t,s0)
@@ -56,6 +57,7 @@ ifdef(`distro_redhat',`
#
# /usr
#
+/usr/sbin/iw -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/usr/sbin/tc -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
#
--
2.1.2
More information about the refpolicy
mailing list