[refpolicy] [PATCH 1/3] Label /sbin/iw as ifconfig_exec_t

Christopher J. PeBenito cpebenito at tresys.com
Thu Oct 23 12:13:19 UTC 2014


On 10/18/2014 9:30 AM, Nicolas Iooss wrote:
> iw manpage says "iw - show / manipulate wireless devices and their
> configuration".  Label this command ifconfig_exec_t to allow it to
> manage wireless communication devices.
> 
> Debian installs iw in /sbin/iw, Fedora in /usr/sbin/iw and Arch Linux in
> /usr/bin/iw (with /usr/sbin being a symlink to /usr/bin).

Merged.


> ---
>  policy/modules/system/sysnetwork.fc | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
> index fa7a406acf80..fbb935c608fe 100644
> --- a/policy/modules/system/sysnetwork.fc
> +++ b/policy/modules/system/sysnetwork.fc
> @@ -48,6 +48,7 @@ ifdef(`distro_redhat',`
>  /sbin/ipx_configure	--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/ipx_interface	--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/ipx_internal_net	--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
> +/sbin/iw		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/iwconfig		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/mii-tool		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/pump		--	gen_context(system_u:object_r:dhcpc_exec_t,s0)
> @@ -56,6 +57,7 @@ ifdef(`distro_redhat',`
>  #
>  # /usr
>  #
> +/usr/sbin/iw		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /usr/sbin/tc		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  
>  #
> 

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


More information about the refpolicy mailing list