2023-09-26 08:56:12

by Russell Coker

Subject: /usr/lib/NetworkManager/nm-dispatcher

Regarding /usr/lib/NetworkManager/nm-dispatcher, you asked for more
information when I submitted a patch changing the context.

Currently it has type NetworkManager_initrc_exec_t which implies that it's
part of a start script when it's really a program that's doing the actual
work. Also that type means that when a laptop resumes from suspend it gets
run in domain initrc_t which is not appropriate for it.

We could have a domain_auto_trans for type NetworkManager_initrc_exec_t but I
think it's more appropriate to give it a label that more accurately reflects
its use.

What do you think, Chris?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/




2023-09-28 01:57:19

by Chris PeBenito

Subject: Re: /usr/lib/NetworkManager/nm-dispatcher

On 9/26/2023 4:09 AM, Russell Coker wrote:
> Regarding /usr/lib/NetworkManager/nm-dispatcher, you asked for more
> information when I submitted a patch changing the context.
>
> Currently it has type NetworkManager_initrc_exec_t which implies that it's
> part of a start script when it's really a program that's doing the actual
> work. Also that type means that when a laptop resumes from suspend it gets
> run in domain initrc_t which is not appropriate for it.
>
> We could have a domain_auto_trans for type NetworkManager_initrc_exec_t but I
> think it's more appropriate to give it a label that more accurately reflects
> its use.
>
> What do you think, Chris?

I agree that NetworkManager_initrc_exec_t doesn't fit. It could warrant
its own domain, like audisp, but I'm unsure without more info about the
types of access it needs. i.e. more specific info than is in the man page.

--
Chris PeBenito