From: russell@coker.com.au (Russell Coker)
Date: Tue, 5 Sep 2017 15:39:58 +1000
Subject: [refpolicy] [PATCH] udev and dhcpd
Message-ID: <20170905053958.cjovejfwhcf6zwra@athena.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Allow udev to talk to init via dbus and get generic unit status.

Add correct labeling for dhcpd6.leases file.


Index: refpolicy-2.20170903/policy/modules/system/udev.te
===================================================================
--- refpolicy-2.20170903.orig/policy/modules/system/udev.te
+++ refpolicy-2.20170903/policy/modules/system/udev.te
@@ -242,9 +242,14 @@ ifdef(`init_systemd',`
 	fs_read_cgroup_files(udev_t)
 
 	init_dgram_send(udev_t)
+	init_get_generic_units_status(udev_t)
+	init_stream_connect(udev_t)
 
 	systemd_read_logind_sessions_files(udev_t)
 	systemd_read_logind_pids(udev_t)
+	optional_policy(`
+		init_dbus_chat(udev_t)
+	')
 ',`
 	fs_manage_tmpfs_dirs(udev_t)
 	fs_manage_tmpfs_files(udev_t)
Index: refpolicy-2.20170903/policy/modules/contrib/dhcp.fc
===================================================================
--- refpolicy-2.20170903.orig/policy/modules/contrib/dhcp.fc
+++ refpolicy-2.20170903/policy/modules/contrib/dhcp.fc
@@ -8,5 +8,6 @@
 
 /var/lib/dhcpd(/.*)?	gen_context(system_u:object_r:dhcpd_state_t,s0)
 /var/lib/dhcp(3)?/dhcpd\.leases.*	--	gen_context(system_u:object_r:dhcpd_state_t,s0)
+/var/lib/dhcp/dhcpd6\.leases.*	--	gen_context(system_u:object_r:dhcpd_state_t,s0)
 
 /run/dhcpd(6)?\.pid	--	gen_context(system_u:object_r:dhcpd_var_run_t,s0)