From: domg472@gmail.com (Dominick Grift)
Date: Mon, 20 Dec 2010 23:35:12 +0100
Subject: [refpolicy] [PATCH 1/2] DHCPC daemon init network interface, try 2
In-Reply-To: <1292884138-6533-1-git-send-email-gizmo@giz-works.com>
References: <1292884138-6533-1-git-send-email-gizmo@giz-works.com>
Message-ID: <4D0FDA20.6030506@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/20/2010 11:28 PM, gizmo at giz-works.com wrote:
> From: Chris Richards
>
> Allow dhcpcd DHCP Client daemon to start. Add interface to allow
> hostname daemon to talk to dhcpcd.
>
> Signed-off-by: Chris Richards
> ---
> policy/modules/system/sysnetwork.if | 18 ++++++++++++++++++
> 1 files changed, 18 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if > index 8e71fb7..2fa6d98 100644 > --- a/policy/modules/system/sysnetwork.if > +++ b/policy/modules/system/sysnetwork.if > @@ -196,6 +196,24 @@ interface(`sysnet_dbus_chat_dhcpc',` > > ######################################## > ## > +## Read and write the dhcp client unix > +## stream socket > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`sysnet_rw_dhcpc_stream_sockets',` > + gen_require(` > + type dhcpc_t; > + ') > + allow $1 dhcpc_t:unix_stream_socket { read write }; > +')

This is, in my experience, usually a side effect of stream connect. But I cannot find any "sysnet_stream_connect_dhcpc_stream_connect". Can this be dontaudited without losing functionality?

> +######################################## > +## > ## Read and write dhcp configuration files. > ## > ##
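
Review bot: The `allow $1 dhcpc_t:unix_stream_socket { read write };` rule in `sysnet_rw_dhcpc_stream_sockets` grants only read and write, with no `connectto`, so a caller can use a dhcpc_t socket it already holds (for example one inherited across exec) but cannot open a connection of its own. That does not match the commit message's "allow hostname daemon to talk to dhcpcd". If the descriptor is simply inherited when dhcpcd runs hostname, say "inherited" in the interface summary, or offer a dontaudit form rather than an allow; if hostname really has to reach dhcpcd, the interface needs the connect permission as well. The commit message should also quote the AVC denial that prompted the rule so the choice can be checked.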