2010-12-21 18:16:49

by gizmo

Subject: [refpolicy] Fwd: Re: [PATCH 1/2] DHCPC daemon init network interface, try 2

On 12/20/2010 04:35 PM, Dominick Grift wrote:

> On 12/20/2010 11:28 PM, gizmo at giz-works.com wrote:
>> From: Chris Richards<[email protected]>
>>
>> Allow dhcpcd DHCP Client daemon to start. Add interface to allow
>> hostname daemon to talk to dhcpcd.
>>
>> Signed-off-by: Chris Richards<[email protected]>
>> ---
>> policy/modules/system/sysnetwork.if | 18 ++++++++++++++++++
>> 1 files changed, 18 insertions(+), 0 deletions(-)
>>
>> diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
>> index 8e71fb7..2fa6d98 100644
>> --- a/policy/modules/system/sysnetwork.if
>> +++ b/policy/modules/system/sysnetwork.if
>> @@ -196,6 +196,24 @@ interface(`sysnet_dbus_chat_dhcpc',`
>>
>> ########################################
>> ##<summary>
>> +## Read and write the dhcp client unix
>> +## stream socket
>> +##</summary>
>> +##<param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +##</param>
>> +#
>> +interface(`sysnet_rw_dhcpc_stream_sockets',`
>> + gen_require(`
>> + type dhcpc_t;
>> + ')
>> + allow $1 dhcpc_t:unix_stream_socket { read write };
>> +')
> This is, in my experience, usually a side effect of stream connect, but
> I cannot find any "sysnet_stream_connect_dhcpc_stream_connect". Can this
> be dontaudited without losing functionality?
>
No, as it is necessary to allow hostnamed to set the hostname obtained
via dhcpcd. Now, whether or not that is a functionality that we need to
actually WORRY about losing is a whole 'nuther discussion. I'm not
familiar enough with the use cases to evaluate whether it's even
something to really mess with.
>> +########################################
>> +##<summary>
>> ## Read and write dhcp configuration files.
>> ##</summary>
>> ##<param name="domain">
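Review bot: the allow rule in sysnet_rw_dhcpc_stream_sockets grants only { read write } on dhcpc_t:unix_stream_socket, with no connectto, so it covers only a socket descriptor the caller already holds, and the summary text does not say that. Please reword the summary to state that the access is to a descriptor obtained from dhcpcd rather than a connection the caller opens, so the interface is not mistaken for a stream connect interface; if the hostname domain does open the connection itself, this rule alone will not be enough. No caller of the interface is visible in this patch, so the commit message should also name the domain that uses it and what stops working if the access is dontaudited instead, which is the question raised in the reply above.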