From: gizmo@giz-works.com (Chris Richards)
Date: Tue, 21 Dec 2010 12:16:49 -0600
Subject: [refpolicy] Fwd: Re: [PATCH 1/2] DHCPC daemon init network interface, try 2
Message-ID: <4D10EF11.4040501@giz-works.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/20/2010 04:35 PM, Dominick Grift wrote:
> On 12/20/2010 11:28 PM, gizmo at giz-works.com wrote:
>> From: Chris Richards
>>
>> Allow dhcpcd DHCP Client daemon to start. Add interface to allow
>> hostname daemon to talk to dhcpcd.
>>
>> Signed-off-by: Chris Richards
>> ---
>> policy/modules/system/sysnetwork.if | 18 ++++++++++++++++++
>> 1 files changed, 18 insertions(+), 0 deletions(-)
>>
>> diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if >> index 8e71fb7..2fa6d98 100644 >> --- a/policy/modules/system/sysnetwork.if >> +++ b/policy/modules/system/sysnetwork.if
>> @@ -196,6 +196,24 @@ interface(`sysnet_dbus_chat_dhcpc',` >> >> ######################################## >> ## >> +## Read and write the dhcp client unix >> +## stream socket >> +## >> +## >> +## >> +## Domain allowed access. >> +## >> +## >> +# >> +interface(`sysnet_rw_dhcpc_stream_sockets',` >> + gen_require(` >> + type dhcpc_t; >> + ') >> + allow $1 dhcpc_t:unix_stream_socket { read write }; >> +')
> This is, in my experience, usually a side effect of stream connect. But
> I cannot find any "sysnet_stream_connect_dhcpc_stream_connect". Can this
> be dontaudited without losing functionality?
>
No, as it is necessary to allow hostnamed to set the hostname obtained via dhcpcd. Now, whether or not that is a functionality that we need to actually WORRY about losing is a whole 'nuther discussion. I'm not familiar enough with the use cases to evaluate whether it's even something to really mess with.

>> +######################################## >> +## >> ## Read and write dhcp configuration files. >> ## >> ##
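
Review bot: the rule "allow $1 dhcpc_t:unix_stream_socket { read write };" in sysnet_rw_dhcpc_stream_sockets grants only read and write on the socket. That covers a descriptor the caller already holds, but not opening a connection to dhcpcd, which would also need connectto. The commit message gives the purpose as letting the hostname daemon talk to dhcpcd, so the interface description should say which case is meant. If the socket is inherited, state that in the summary and keep the permission set this narrow. If the caller connects on its own, a stream connect interface would be the usual form. No caller of the new interface appears in this patch (the diffstat lists only sysnetwork.if), so the scope of $1 cannot be judged from these lines and is worth naming in the commit message. As a style point, the description "Read and write the dhcp client unix stream socket" lacks the trailing period used by the neighbouring "Read and write dhcp configuration files." summary.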