From: dac.override@gmail.com (Dominick Grift)
Date: Mon, 13 Apr 2015 21:33:34 +0200
Subject: [refpolicy] [PATCH 3/3] dnsmasq: allow exec shell for scripts
In-Reply-To: <1428939373-20020-3-git-send-email-jason@perfinion.com>
References: <1428939373-20020-1-git-send-email-jason@perfinion.com>
	<1428939373-20020-3-git-send-email-jason@perfinion.com>
Message-ID: <20150413193332.GG32570@x131e>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Apr 13, 2015 at 07:36:13PM +0400, Jason Zaman wrote:
> dnsmasq has the --dhcp-script= option to execute scripts when leases are
> given. dnsmasq needs to have shell access to run these.

Thanks. Merged
> ---
>  dnsmasq.te | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/dnsmasq.te b/dnsmasq.te
> index e2f8300..b3caf80 100644
> --- a/dnsmasq.te
> +++ b/dnsmasq.te
> @@ -57,6 +57,8 @@ kernel_read_network_state(dnsmasq_t)
>  kernel_read_system_state(dnsmasq_t)
>  kernel_request_load_module(dnsmasq_t)
>  
> +corecmd_exec_shell(dnsmasq_t)
> +
>  corenet_all_recvfrom_unlabeled(dnsmasq_t)
>  corenet_all_recvfrom_netlabel(dnsmasq_t)
>  corenet_tcp_sendrecv_generic_if(dnsmasq_t)
> -- 
> 2.0.5
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

-- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 648 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20150413/99c9cd42/attachment.bin