From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 4 Apr 2014 16:19:11 -0400
Subject: [refpolicy] [PATCH 3/3] dnsmasq reads MTU sysctl
In-Reply-To: <1396188552-16007-4-git-send-email-sven.vermeulen@siphos.be>
References: <1396188552-16007-1-git-send-email-sven.vermeulen@siphos.be>
	<1396188552-16007-4-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <533F13BF.4070404@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/30/2014 10:09 AM, Sven Vermeulen wrote:
> The dnsmasq application reads in the value of the
> /proc/sys/net/ipv6/conf/*/mtu values.
> 
> This is confirmed through looking at the source code of dnsmasq, in
> src/radv.c.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  dnsmasq.te | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/dnsmasq.te b/dnsmasq.te
> index ede2f1e..08ea853 100644
> --- a/dnsmasq.te
> +++ b/dnsmasq.te
> @@ -52,6 +52,7 @@ manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
>  files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, { dir file })
>  
>  kernel_read_kernel_sysctls(dnsmasq_t)
> +kernel_read_net_sysctls(dnsmasq_t)
>  kernel_read_network_state(dnsmasq_t)
>  kernel_read_system_state(dnsmasq_t)
>  kernel_request_load_module(dnsmasq_t)
 
Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com