From: "Sugar, David"
To: "selinux-refpolicy@vger.kernel.org"
Subject: [PATCH] Allow init_t to read net_conf_t
Date: Mon, 18 Feb 2019 15:15:03 +0000
Message-ID: <20190218151450.13208-1-dsugar@tresys.com>

init (systemd) needs to read /etc/hostname during boot to retrieve the hostname to apply to the system.

Feb 06 18:37:06 localhost.localdomain kernel: type=1400 audit(1549478223.842:3): avc: denied { read } for pid=1 comm="systemd" name="hostname" dev="dm-1" ino=1262975 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file permissive=0

Signed-off-by: Dave Sugar
--- policy/modules/system/init.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index eabba1ed..735a3b81 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te 
@@ -409,6 +409,8 @@ ifdef(`init_systemd',` # lvm2-activation-generator checks file labels seutil_read_file_contexts(init_t) =20 + sysnet_read_config(init_t) + systemd_getattr_updated_runtime(init_t) systemd_manage_passwd_runtime_symlinks(init_t) systemd_use_passwd_agent(init_t) --=20 2.20.1
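
Review bot: the added sysnet_read_config(init_t) line in the init_systemd block carries no comment, while the seutil_read_file_contexts(init_t) call directly above it has one ("# lvm2-activation-generator checks file labels"). A one-line comment such as "# systemd reads /etc/hostname at boot" would record why init_t needs access to net_conf_t. The AVC in the commit message shows a single read on the file named hostname, and because it was logged with permissive=0 it is only the first permission that was refused; it is worth confirming on a boot with the patch applied that no further denials (open, getattr) follow for init_t on net_conf_t, and stating in the commit message that the interface grants read on the net_conf_t type as a whole rather than on that one file.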