From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue,  7 May 2013 20:37:06 +0200
Subject: [refpolicy] [PATCH 2/2] Support IPv6 Neighbor Discovery Protocol
	for dhcpcd
In-Reply-To: <1367951826-21257-1-git-send-email-sven.vermeulen@siphos.be>
References: <1367951826-21257-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1367951826-21257-3-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The dhcpcd client supports IPv6 NDP, but when trying to use it the request fails
with:

  ipv6rs: Permission denied

In the audit log, a denial is shown about dhcpc_t wanting to create a
rawip_socket. After allowing this, the client succeeds.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/sysnetwork.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 49c5dfe..e0e1556 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -53,6 +53,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
 allow dhcpc_t self:tcp_socket create_stream_socket_perms;
 allow dhcpc_t self:udp_socket create_socket_perms;
 allow dhcpc_t self:packet_socket create_socket_perms;
+allow dhcpc_t self:rawip_socket create_socket_perms;
 allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
 allow dhcpc_t self:unix_stream_socket { accept listen connectto };
 
-- 
1.8.1.5