[refpolicy] [PATCH 3/3] dnsmasq: allow exec shell for scripts

Jason Zaman jason at perfinion.com
Mon Apr 13 15:36:13 UTC 2015


dnsmasq has the --dhcp-script= option to execute scripts when leases are
given. dnsmasq needs to have shell access to run these.
---
 dnsmasq.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dnsmasq.te b/dnsmasq.te
index e2f8300..b3caf80 100644
--- a/dnsmasq.te
+++ b/dnsmasq.te
@@ -57,6 +57,8 @@ kernel_read_network_state(dnsmasq_t)
 kernel_read_system_state(dnsmasq_t)
 kernel_request_load_module(dnsmasq_t)
 
+corecmd_exec_shell(dnsmasq_t)
+
 corenet_all_recvfrom_unlabeled(dnsmasq_t)
 corenet_all_recvfrom_netlabel(dnsmasq_t)
 corenet_tcp_sendrecv_generic_if(dnsmasq_t)
-- 
2.0.5



More information about the refpolicy mailing list