From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 23 Oct 2014 08:13:19 -0400
Subject: [refpolicy] [PATCH 1/3] Label /sbin/iw as ifconfig_exec_t
In-Reply-To: <1413639022-27375-1-git-send-email-nicolas.iooss@m4x.org>
References: <1413639022-27375-1-git-send-email-nicolas.iooss@m4x.org>
Message-ID: <5448F0DF.2050708@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/18/2014 9:30 AM, Nicolas Iooss wrote:
> iw manpage says "iw - show / manipulate wireless devices and their
> configuration".  Label this command ifconfig_exec_t to allow it to
> manage wireless communication devices.
> 
> Debian installs iw in /sbin/iw, Fedora in /usr/sbin/iw and Arch Linux in
> /usr/bin/iw (with /usr/sbin being a symlink to /usr/bin).

Merged.


> ---
>  policy/modules/system/sysnetwork.fc | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
> index fa7a406acf80..fbb935c608fe 100644
> --- a/policy/modules/system/sysnetwork.fc
> +++ b/policy/modules/system/sysnetwork.fc
> @@ -48,6 +48,7 @@ ifdef(`distro_redhat',`
>  /sbin/ipx_configure	--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/ipx_interface	--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/ipx_internal_net	--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
> +/sbin/iw		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/iwconfig		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/mii-tool		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /sbin/pump		--	gen_context(system_u:object_r:dhcpc_exec_t,s0)
> @@ -56,6 +57,7 @@ ifdef(`distro_redhat',`
>  #
>  # /usr
>  #
> +/usr/sbin/iw		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  /usr/sbin/tc		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
>  
>  #
> 

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com