2010-12-20 22:29:18

by gizmo

Subject: [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2

From: Chris Richards <[email protected]>

Allow the hostname daemon to configure the system hostname according
to information obtained from dhcpcd DHCP Client daemon.

Signed-off-by: Chris Richards <[email protected]>
---
policy/modules/system/hostname.te | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
index c310775..8509560 100644
--- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te
@@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)

logging_send_syslog_msg(hostname_t)

+sysnet_rw_dhcpc_stream_sockets(hostname_t)
+
miscfiles_read_localization(hostname_t)

sysnet_read_config(hostname_t)
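
Review bot: The added sysnet_rw_dhcpc_stream_sockets(hostname_t) line grants hostname_t read/write on the DHCP client's stream sockets, but neither the commit message nor the hunk shows the AVC denial that motivated it. Without that, it is not possible to tell whether hostname really uses the socket or only inherits an open descriptor from dhcpcd. Please quote the denial in the commit message, and if the descriptor turns out to be inherited, a dontaudit rule would be the narrower change. As a style point, the new call sits between logging_send_syslog_msg(hostname_t) and miscfiles_read_localization(hostname_t); placing it next to the existing sysnet_read_config(hostname_t) two lines below would keep the sysnet_ interfaces together.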
--
1.7.3.2


2011-01-05 15:33:02

by cpebenito

Subject: [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2

On 12/20/10 17:29, gizmo at giz-works.com wrote:
> From: Chris Richards <[email protected]>
>
> Allow the hostname daemon to configure the system hostname according
> to information obtained from dhcpcd DHCP Client daemon.

Are you sure these aren't from a leaked fd?

> Signed-off-by: Chris Richards <[email protected]>
> ---
> policy/modules/system/hostname.te | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
> index c310775..8509560 100644
> --- a/policy/modules/system/hostname.te
> +++ b/policy/modules/system/hostname.te
> @@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)
>
> logging_send_syslog_msg(hostname_t)
>
> +sysnet_rw_dhcpc_stream_sockets(hostname_t)
> +
> miscfiles_read_localization(hostname_t)
>
> sysnet_read_config(hostname_t)


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2011-01-05 19:34:11

by gizmo

Subject: [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2

On 01/05/2011 09:33 AM, Christopher J. PeBenito wrote:
> On 12/20/10 17:29, gizmo at giz-works.com wrote:
>> From: Chris Richards<[email protected]>
>>
>> Allow the hostname daemon to configure the system hostname according
>> to information obtained from dhcpcd DHCP Client daemon.
> Are you sure these aren't from a leaked fd?
>
Not 100%, no. How would I tell?
>> Signed-off-by: Chris Richards<[email protected]>
>> ---
>> policy/modules/system/hostname.te | 2 ++
>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>
>> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
>> index c310775..8509560 100644
>> --- a/policy/modules/system/hostname.te
>> +++ b/policy/modules/system/hostname.te
>> @@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)
>>
>> logging_send_syslog_msg(hostname_t)
>>
>> +sysnet_rw_dhcpc_stream_sockets(hostname_t)
>> +
>> miscfiles_read_localization(hostname_t)
>>
>> sysnet_read_config(hostname_t)
>

2011-01-06 13:03:51

by cpebenito

Subject: [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2

On 01/05/11 14:34, Chris Richards wrote:
> On 01/05/2011 09:33 AM, Christopher J. PeBenito wrote:
>> On 12/20/10 17:29, gizmo at giz-works.com wrote:
>>> From: Chris Richards<[email protected]>
>>>
>>> Allow the hostname daemon to configure the system hostname according
>>> to information obtained from dhcpcd DHCP Client daemon.
>> Are you sure these aren't from a leaked fd?
>>
> Not 100%, no. How would I tell?

Did you try dontauditing it? If it's leaked it would work without the
access.

>>> Signed-off-by: Chris Richards<[email protected]>
>>> ---
>>> policy/modules/system/hostname.te | 2 ++
>>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
>>> index c310775..8509560 100644
>>> --- a/policy/modules/system/hostname.te
>>> +++ b/policy/modules/system/hostname.te
>>> @@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)
>>>
>>> logging_send_syslog_msg(hostname_t)
>>>
>>> +sysnet_rw_dhcpc_stream_sockets(hostname_t)
>>> +
>>> miscfiles_read_localization(hostname_t)
>>>
>>> sysnet_read_config(hostname_t)
>>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2011-01-07 07:00:16

by gizmo

Subject: [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2

On 01/06/2011 07:03 AM, Christopher J. PeBenito wrote:
> On 01/05/11 14:34, Chris Richards wrote:
>> On 01/05/2011 09:33 AM, Christopher J. PeBenito wrote:
>>> On 12/20/10 17:29, gizmo at giz-works.com wrote:
>>>> From: Chris Richards<[email protected]>
>>>>
>>>> Allow the hostname daemon to configure the system hostname according
>>>> to information obtained from dhcpcd DHCP Client daemon.
>>> Are you sure these aren't from a leaked fd?
>>>
>> Not 100%, no. How would I tell?
> Did you try dontauditing it? If it's leaked it would work without the
> access.
I am unable to reproduce even the AVC that caused this. Since this was
a corner-case anyway, let's just table this patch for the time being.
It's not going to affect very many people, and if I can reproduce it,
I'll see if I can investigate it a bit more thoroughly.

>>>> Signed-off-by: Chris Richards<[email protected]>
>>>> ---
>>>> policy/modules/system/hostname.te | 2 ++
>>>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>>>
>>>> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
>>>> index c310775..8509560 100644
>>>> --- a/policy/modules/system/hostname.te
>>>> +++ b/policy/modules/system/hostname.te
>>>> @@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)
>>>>
>>>> logging_send_syslog_msg(hostname_t)
>>>>
>>>> +sysnet_rw_dhcpc_stream_sockets(hostname_t)
>>>> +
>>>> miscfiles_read_localization(hostname_t)
>>>>
>>>> sysnet_read_config(hostname_t)