From: gizmo@giz-works.com (Chris Richards) Date: Tue, 21 Dec 2010 12:16:08 -0600 Subject: [refpolicy] Fwd: Re: [PATCH 2/2] DHCPC daemon init network interface, try 2 Message-ID: <4D10EEE8.90301@giz-works.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/20/2010 04:31 PM, Dominick Grift wrote: > On 12/20/2010 11:29 PM, gizmo at giz-works.com wrote: >> From: Chris Richards >> >> Allow dhcpcd DHCP Client daemon to start. Add interface to allow >> hostname daemon to talk to dhcpcd. >> >> Signed-off-by: Chris Richards >> --- >> policy/modules/system/sysnetwork.te | 4 ++-- >> 1 files changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te >> index dfbe736..e0838f8 100644 >> --- a/policy/modules/system/sysnetwork.te >> +++ b/policy/modules/system/sysnetwork.te >> @@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms; >> allow dhcpc_t self:tcp_socket create_stream_socket_perms; >> allow dhcpc_t self:udp_socket create_socket_perms; >> allow dhcpc_t self:packet_socket create_socket_perms; >> -allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read }; > I might be wrong but are you sure that "r_netlink_socket_perms" is not > enough? > Yep, that was essentially what it had to start with, and nlmsg_write is necessary or some internal communications don't work correctly and the client never gets the DHCP address. Don't really know why, as it seems rather counter-intuitive to me. >> +allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms; >> >> allow dhcpc_t dhcp_etc_t:dir list_dir_perms; >> read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
>> @@ -81,7 +81,7 @@ domtrans_pattern(dhcpc_t, ifconfig_exec_t, ifconfig_t) >> >> kernel_read_system_state(dhcpc_t) >> kernel_read_network_state(dhcpc_t) >> -kernel_search_network_sysctl(dhcpc_t) >> +kernel_rw_network_sysctls(dhcpc_t) >> kernel_read_kernel_sysctls(dhcpc_t) >> kernel_request_load_module(dhcpc_t) >> kernel_use_fds(dhcpc_t)
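Review bot: In the first hunk (@@ -50,7 +50,7 @@), the netlink_route_socket rule swaps the explicit { create_socket_perms nlmsg_read } for create_netlink_socket_perms with no justification in the commit message, and the reply in this thread says the reason nlmsg_write is needed is not understood. Please quote the AVC denial that shows dhcpc_t being refused nlmsg_write on its own netlink_route_socket, and add a one-line comment above the rule recording that dhcpcd fails to obtain an address without it. The commit message also says an interface is added for the hostname daemon, but the diffstat lists only sysnetwork.te with 2 insertions and 2 deletions, so either the description or the patch needs correcting.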
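Review bot: In the second hunk (@@ -81,7 +81,7 @@), replacing kernel_search_network_sysctl(dhcpc_t) with kernel_rw_network_sysctls(dhcpc_t) takes dhcpc_t from directory search straight to read and write on network sysctls, and nothing in the commit message says which sysctl dhcpcd has to write. Please list the denials that motivated this and name the sysctl entries involved; if the denials are for reads only, grant read access and leave write out. Since this diff touches only sysnetwork.te, also confirm that kernel_rw_network_sysctls is already defined in the kernel module under that exact name, as the replaced call uses the singular form (network_sysctl) and the new one the plural.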