From: jason@perfinion.com (Jason Zaman)
Date: Mon, 13 Apr 2015 19:36:13 +0400
Subject: [refpolicy] [PATCH 3/3] dnsmasq: allow exec shell for scripts
In-Reply-To: <1428939373-20020-1-git-send-email-jason@perfinion.com>
References: <1428939373-20020-1-git-send-email-jason@perfinion.com>
Message-ID: <1428939373-20020-3-git-send-email-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

dnsmasq has the --dhcp-script= option to execute scripts when leases are
given. dnsmasq needs to have shell access to run these.
---
 dnsmasq.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dnsmasq.te b/dnsmasq.te
index e2f8300..b3caf80 100644
--- a/dnsmasq.te
+++ b/dnsmasq.te
@@ -57,6 +57,8 @@ kernel_read_network_state(dnsmasq_t)
 kernel_read_system_state(dnsmasq_t)
 kernel_request_load_module(dnsmasq_t)
 
+corecmd_exec_shell(dnsmasq_t)
+
 corenet_all_recvfrom_unlabeled(dnsmasq_t)
 corenet_all_recvfrom_netlabel(dnsmasq_t)
 corenet_tcp_sendrecv_generic_if(dnsmasq_t)
-- 
2.0.5