2017-08-12 09:51:01

by Nicolas Iooss

Subject: [refpolicy] [PATCH 1/1] corecommands: label dhcpcd hook scripts bin_t

dhcpcd executes scripts in /usr/lib/dhcpcd/:

avc: denied { execute_no_trans } for pid=608 comm="dhcpcd"
path="/usr/lib/dhcpcd/dhcpcd-run-hooks" dev="vda1" ino=406981
scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:lib_t
tclass=file permissive=1
---
policy/modules/kernel/corecommands.fc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index d30445437fc2..ce4218fed6dd 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -165,6 +165,8 @@ ifdef(`distro_gentoo',`
/usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/dhcpcd/dhcpcd-hooks(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dovecot/.+ gen_context(system_u:object_r:bin_t,s0)
/usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
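Review bot: the commit message only justifies `/usr/lib/dhcpcd/dhcpcd-run-hooks` (the path in the quoted AVC denial), yet this hunk also labels the whole `/usr/lib/dhcpcd/dhcpcd-hooks(/.*)?` tree bin_t, directory included; please add a sentence saying why the hook scripts need bin_t rather than staying lib_t so the wider scope is documented. Since the denial was captured with permissive=1, it is also worth spelling out that in enforcing mode dhcpc_t would be blocked from executing its hooks without this change.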
@@ -338,8 +340,6 @@ ifdef(`distro_gentoo', `
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/.*-.*-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)

-/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
-
/usr/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0)
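Review bot: dropping this entry from the distro_gentoo block is correct only because the generic `/usr/lib/dhcpcd/dhcpcd-run-hooks` entry added in the first hunk now covers Gentoo as well; the commit message says the scripts are being labelled but not that an existing Gentoo-only entry is being promoted to all distributions, so please mention the move there. Removing the now-orphaned blank line is fine.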
--
2.14.1
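As an added example (not part of the patch or of refpolicy), a small Python check that parses the AVC denial quoted above, looks up the path in a file-context table built from the two entries the patch adds plus an assumed `/usr/lib(/.*)?` lib_t catch-all standing in for refpolicy's own, and reports the label mismatch that motivated the change. The lookup only approximates libselinux's rule (most specific literal stem wins, later entries break ties) and is not the real matcher.

```python
import re

# Constructed sample input: the AVC denial quoted in the patch message.
AVC_LINE = ('avc: denied { execute_no_trans } for pid=608 comm="dhcpcd" '
            'path="/usr/lib/dhcpcd/dhcpcd-run-hooks" dev="vda1" ino=406981 '
            'scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:lib_t '
            'tclass=file permissive=1')

# Constructed fc table: the two entries the patch adds plus an assumed lib_t catch-all.
FC_TEXT = """
/usr/lib(/.*)?                       gen_context(system_u:object_r:lib_t,s0)
/usr/lib/dhcpcd/dhcpcd-hooks(/.*)?   gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dhcpcd/dhcpcd-run-hooks  -- gen_context(system_u:object_r:bin_t,s0)
"""

FC_LINE = re.compile(r'^(\S+)\s+(?:(-[-bcdlps])\s+)?gen_context\(([^,]+),\S+\)\s*$')
FILE_TYPES = {'--': 'file', '-d': 'dir', '-l': 'lnk_file', '-b': 'blk_file',
              '-c': 'chr_file', '-p': 'fifo_file', '-s': 'sock_file'}
METACHARS = set('.*?+^$|[](){}\\')

def parse_fc(text):
    # Each entry becomes (regex, object class required by the -X flag or None, type)
    entries = []
    for m in filter(None, map(FC_LINE.match, text.splitlines())):
        regex, flag, context = m.groups()
        entries.append((regex, FILE_TYPES.get(flag), context.split(':')[2]))
    return entries

def stem_len(regex):
    # Length of the literal prefix before the first regex metacharacter
    return next((i for i, ch in enumerate(regex) if ch in METACHARS), len(regex))

def expected_type(path, tclass, entries):
    # Simplified selabel lookup: longest literal stem wins, later entries break ties
    best = None
    for regex, ftype, stype in entries:
        if ftype in (None, tclass) and re.fullmatch(regex, path):
            if best is None or stem_len(regex) >= stem_len(best[0]):
                best = (regex, stype)
    return best[1] if best else None

def parse_avc(line):
    # key=value fields of the denial with surrounding quotes stripped
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def check_denial(line, fc_text):
    avc = parse_avc(line)
    actual = avc['tcontext'].split(':')[2]
    expected = expected_type(avc['path'], avc['tclass'], parse_fc(fc_text))
    return {'actual': actual, 'expected': expected, 'mislabeled': expected not in (None, actual)}
```

Because the `--` flag restricts the `dhcpcd-run-hooks` entry to regular files, a directory at that path would still fall back to the lib_t catch-all, which is why the file-type flag matters in a review.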


2017-08-13 23:53:18

by Chris PeBenito

Subject: [refpolicy] [PATCH 1/1] corecommands: label dhcpcd hook scripts bin_t

On 08/12/2017 05:51 AM, Nicolas Iooss via refpolicy wrote:
> dhcpcd executes scripts in /usr/lib/dhcpcd/:
>
> avc: denied { execute_no_trans } for pid=608 comm="dhcpcd"
> path="/usr/lib/dhcpcd/dhcpcd-run-hooks" dev="vda1" ino=406981
> scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:lib_t
> tclass=file permissive=1
> ---
> policy/modules/kernel/corecommands.fc | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
> index d30445437fc2..ce4218fed6dd 100644
> --- a/policy/modules/kernel/corecommands.fc
> +++ b/policy/modules/kernel/corecommands.fc
> @@ -165,6 +165,8 @@ ifdef(`distro_gentoo',`
> /usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0)
> /usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib/dhcpcd/dhcpcd-hooks(/.*)? gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
> /usr/lib/dovecot/.+ gen_context(system_u:object_r:bin_t,s0)
> /usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
> @@ -338,8 +340,6 @@ ifdef(`distro_gentoo', `
> /usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /usr/.*-.*-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
>
> -/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
> -
> /usr/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /usr/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /usr/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0)

Merged.

--
Chris PeBenito