2017-08-17 06:23:53

by Nicolas Iooss

Subject: [refpolicy] [PATCH 1/1] Allow dhcpcd to use generic netlink and raw IP sockets

dhcpcd uses a raw IPv6 socket to receive router advertisement and
neighbor advertisement packets in
https://roy.marples.name/git/dhcpcd.git/tree/ipv6nd.c?h=dhcpcd-6.11.5
and uses NETLINK_GENERIC in
https://roy.marples.name/git/dhcpcd.git/tree/if-linux.c?h=dhcpcd-6.11.5
for some NetLink sockets.
---
policy/modules/system/sysnetwork.te | 2 ++
1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 1acf13d5ed5e..892f96445c3a 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -57,7 +57,9 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
allow dhcpc_t self:tcp_socket create_stream_socket_perms;
allow dhcpc_t self:udp_socket create_socket_perms;
allow dhcpc_t self:packet_socket create_socket_perms;
+allow dhcpc_t self:netlink_generic_socket create_socket_perms;
allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
+allow dhcpc_t self:rawip_socket create_socket_perms;

allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
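
Review bot: the added `rawip_socket` rule at the end of the `self:` socket block grants the whole `create_socket_perms` set, while the commit message describes the raw IPv6 socket only as receiving router advertisement and neighbor advertisement packets. Please confirm that the full set is needed rather than a narrower one, and note in the commit message whether `dhcpc_t` already holds the `net_raw` capability that opening a raw socket requires, since this hunk does not show the capability rules. A one-line comment above the two new rules pointing at ipv6nd.c and if-linux.c would also keep the rationale in the policy file and not only in the commit message.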
--
2.14.1


2017-08-19 16:03:28

by Chris PeBenito

Subject: [refpolicy] [PATCH 1/1] Allow dhcpcd to use generic netlink and raw IP sockets

On 08/17/2017 02:23 AM, Nicolas Iooss via refpolicy wrote:
> dhcpcd uses a raw IPv6 socket to receive router advertisement and
> neighbor advertisement packets in
> https://roy.marples.name/git/dhcpcd.git/tree/ipv6nd.c?h=dhcpcd-6.11.5
> and uses NETLINK_GENERIC in
> https://roy.marples.name/git/dhcpcd.git/tree/if-linux.c?h=dhcpcd-6.11.5
> for some NetLink sockets.
> ---
> policy/modules/system/sysnetwork.te | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
> index 1acf13d5ed5e..892f96445c3a 100644
> --- a/policy/modules/system/sysnetwork.te
> +++ b/policy/modules/system/sysnetwork.te
> @@ -57,7 +57,9 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
> allow dhcpc_t self:tcp_socket create_stream_socket_perms;
> allow dhcpc_t self:udp_socket create_socket_perms;
> allow dhcpc_t self:packet_socket create_socket_perms;
> +allow dhcpc_t self:netlink_generic_socket create_socket_perms;
> allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
> +allow dhcpc_t self:rawip_socket create_socket_perms;
>
> allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
> read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
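
Review bot: the new `netlink_generic_socket` line uses `create_socket_perms`, while the `netlink_route_socket` line directly below it uses `create_netlink_socket_perms`. If the difference is intentional (for instance because the generic netlink class has no netlink message permissions to grant), a short comment saying so would stop a later cleanup from "aligning" the two lines; if it is not, the permission set should match.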

Merged.

--
Chris PeBenito