From: domg472@gmail.com (Dominick Grift) Date: Mon, 20 Dec 2010 23:31:03 +0100 Subject: [refpolicy] [PATCH 2/2] DHCPC daemon init network interface, try 2 In-Reply-To: <1292884142-6568-1-git-send-email-gizmo@giz-works.com> References: <1292884142-6568-1-git-send-email-gizmo@giz-works.com> Message-ID: <4D0FD927.3000608@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/20/2010 11:29 PM, gizmo at giz-works.com wrote: > From: Chris Richards > > Allow dhcpcd DCHP Client daemon to start. Add interface to allow > hostname daemon to talk to dhcpcd. > > Signed-off-by: Chris Richards > --- > policy/modules/system/sysnetwork.te | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te > index dfbe736..e0838f8 100644 > --- a/policy/modules/system/sysnetwork.te > +++ b/policy/modules/system/sysnetwork.te > @@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms; > allow dhcpc_t self:tcp_socket create_stream_socket_perms; > allow dhcpc_t self:udp_socket create_socket_perms; > allow dhcpc_t self:packet_socket create_socket_perms; > -allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read }; i might be wrong but are you sure that "r_netlink_socket_perms" is not enough? > +allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms; > > allow dhcpc_t dhcp_etc_t:dir list_dir_perms; > read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t) > @@ -81,7 +81,7 @@ domtrans_pattern(dhcpc_t, ifconfig_exec_t, ifconfig_t) > > kernel_read_system_state(dhcpc_t) > kernel_read_network_state(dhcpc_t) > -kernel_search_network_sysctl(dhcpc_t) > +kernel_rw_network_sysctls(dhcpc_t) > kernel_read_kernel_sysctls(dhcpc_t) > kernel_request_load_module(dhcpc_t) > kernel_use_fds(dhcpc_t) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0P2ScACgkQMlxVo39jgT/teQCfdnnCbA+ITSPZKuvdAnD42CEP W08AnjJaxtrNINdPc9hz+qlYb+8iXwnH =MijZ -----END PGP SIGNATURE-----