From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 15 Dec 2010 15:02:27 -0500 Subject: [refpolicy] [PATCH 1/2] DHCPC daemon init network interface In-Reply-To: <1290933932-9193-1-git-send-email-gizmo@giz-works.com> References: <1290933932-9193-1-git-send-email-gizmo@giz-works.com> Message-ID: <4D091ED3.80107@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/28/10 03:45, Chris Richards wrote: > Allow dhcpcd DHCP Client daemon to start. Add interface to allow > hostname daemon to talk to dhcpcd. > > Signed-off-by: Chris Richards > --- > policy/modules/system/sysnetwork.if | 19 +++++++++++++++++++ > 1 files changed, 19 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if > index 8e71fb7..73bb9e8 100644 > --- a/policy/modules/system/sysnetwork.if > +++ b/policy/modules/system/sysnetwork.if > @@ -196,6 +196,24 @@ interface(`sysnet_dbus_chat_dhcpc',` > > ######################################## > ##

> +## Read and write the dhcp client unix > +## stream socket > +##

> +## > +##

> +## Domain allowed access. > +##

> +## > +# > +interface(`sysnet_rw_stream_sockets_dhcpc',` sysnet_rw_dhcpc_stream_sockets() > + gen_require(` > + type dhcpc_t; > + ') > + allow $1 dhcpc_t:unix_stream_socket { read write }; > +') > + > +######################################## > +##

> ## Read and write dhcp configuration files. > ##

> ## > @@ -711,3 +729,4 @@ interface(`sysnet_use_portmap',` > > sysnet_read_config($1) > ') > + -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com