From: jason@perfinion.com (Jason Zaman) Date: Mon, 13 Apr 2015 19:36:13 +0400 Subject: [refpolicy] [PATCH 3/3] dnsmasq: allow exec shell for scripts In-Reply-To: <1428939373-20020-1-git-send-email-jason@perfinion.com> References: <1428939373-20020-1-git-send-email-jason@perfinion.com> Message-ID: <1428939373-20020-3-git-send-email-jason@perfinion.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com dnsmasq has the --dhcp-script= option to execute scripts when leases are given. dnsmasq needs to have shell access to run these. --- dnsmasq.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsmasq.te b/dnsmasq.te index e2f8300..b3caf80 100644 --- a/dnsmasq.te +++ b/dnsmasq.te @@ -57,6 +57,8 @@ kernel_read_network_state(dnsmasq_t) kernel_read_system_state(dnsmasq_t) kernel_request_load_module(dnsmasq_t) +corecmd_exec_shell(dnsmasq_t) + corenet_all_recvfrom_unlabeled(dnsmasq_t) corenet_all_recvfrom_netlabel(dnsmasq_t) corenet_tcp_sendrecv_generic_if(dnsmasq_t) -- 2.0.5