From: gizmo@giz-works.com (Chris Richards) Date: Fri, 07 Jan 2011 01:00:16 -0600 Subject: [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2 In-Reply-To: <4D25BDB7.6050103@tresys.com> References: <1292884158-6603-1-git-send-email-gizmo@giz-works.com> <4D248F2E.2010304@tresys.com> <4D24C7B3.1000004@giz-works.com> <4D25BDB7.6050103@tresys.com> Message-ID: <4D26BA00.8040705@giz-works.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 01/06/2011 07:03 AM, Christopher J. PeBenito wrote: > On 01/05/11 14:34, Chris Richards wrote: >> On 01/05/2011 09:33 AM, Christopher J. PeBenito wrote: >>> On 12/20/10 17:29, gizmo at giz-works.com wrote: >>>> From: Chris Richards >>>> >>>> Allow the hostname daemon to configure the system hostname according >>>> to information obtained from dhcpcd DHCP Client daemon. >>> Are you sure these aren't from a leaked fd? >>> >> Not 100%, no. How would I tell? > Did you try dontauditing it? If its leaked it would work without the > access. I am unable to reproduce even the AVC that caused this. Since this was a corner-case anyway, let's just table this patch for the time being. It's not going to affect very many people, and if I can reproduce it, I'll see if I can investigate it a bit more thoroughly. >>>> Signed-off-by: Chris Richards >>>> --- >>>> policy/modules/system/hostname.te | 2 ++ >>>> 1 files changed, 2 insertions(+), 0 deletions(-) >>>> >>>> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te >>>> index c310775..8509560 100644 >>>> --- a/policy/modules/system/hostname.te >>>> +++ b/policy/modules/system/hostname.te >>>> @@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t) >>>> >>>> logging_send_syslog_msg(hostname_t) >>>> >>>> +sysnet_rw_dhcpc_stream_sockets(hostname_t) >>>> + >>>> miscfiles_read_localization(hostname_t) >>>> >>>> sysnet_read_config(hostname_t) >> _______________________________________________ >> refpolicy mailing list >> refpolicy at oss.tresys.com >> http://oss.tresys.com/mailman/listinfo/refpolicy >