From: dac.override@gmail.com (Dominick Grift) Date: Mon, 13 Apr 2015 21:33:34 +0200 Subject: [refpolicy] [PATCH 3/3] dnsmasq: allow exec shell for scripts In-Reply-To: <1428939373-20020-3-git-send-email-jason@perfinion.com> References: <1428939373-20020-1-git-send-email-jason@perfinion.com> <1428939373-20020-3-git-send-email-jason@perfinion.com> Message-ID: <20150413193332.GG32570@x131e> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, Apr 13, 2015 at 07:36:13PM +0400, Jason Zaman wrote: > dnsmasq has the --dhcp-script= option to execute scripts when leases are > given. dnsmasq needs to have shell access to run these. Thanks. Merged > --- > dnsmasq.te | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/dnsmasq.te b/dnsmasq.te > index e2f8300..b3caf80 100644 > --- a/dnsmasq.te > +++ b/dnsmasq.te > @@ -57,6 +57,8 @@ kernel_read_network_state(dnsmasq_t) > kernel_read_system_state(dnsmasq_t) > kernel_request_load_module(dnsmasq_t) > > +corecmd_exec_shell(dnsmasq_t) > + > corenet_all_recvfrom_unlabeled(dnsmasq_t) > corenet_all_recvfrom_netlabel(dnsmasq_t) > corenet_tcp_sendrecv_generic_if(dnsmasq_t) > -- > 2.0.5 > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 648 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20150413/99c9cd42/attachment.bin