From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 9 May 2013 09:12:03 -0400 Subject: [refpolicy] [PATCH 2/2] Support IPv6 Neighbor Discovery Protocol for dhcpcd In-Reply-To: <1367951826-21257-3-git-send-email-sven.vermeulen@siphos.be> References: <1367951826-21257-1-git-send-email-sven.vermeulen@siphos.be> <1367951826-21257-3-git-send-email-sven.vermeulen@siphos.be> Message-ID: <518BA0A3.5040501@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 05/07/13 14:37, Sven Vermeulen wrote: > The dhcpcd client supports IPv6 NDP, but when trying to use it the request fails > with: > > ipv6rs: Permission denied > > In the audit log, a denial is shown about dhcpc_t wanting to create a > rawip_socket. After allowing this, the client succeeds. Thats odd; I don't see this on my IPv6 system. Which version of dhcpcd is this seen on? I'm using 5.6.8. > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/sysnetwork.te | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te > index 49c5dfe..e0e1556 100644 > --- a/policy/modules/system/sysnetwork.te > +++ b/policy/modules/system/sysnetwork.te > @@ -53,6 +53,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms; > allow dhcpc_t self:tcp_socket create_stream_socket_perms; > allow dhcpc_t self:udp_socket create_socket_perms; > allow dhcpc_t self:packet_socket create_socket_perms; > +allow dhcpc_t self:rawip_socket create_socket_perms; > allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write }; > allow dhcpc_t self:unix_stream_socket { accept listen connectto }; > > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com