From: pebenito@ieee.org (Chris PeBenito)
Date: Wed, 6 Sep 2017 11:04:50 -0400
Subject: [refpolicy] [PATCH] udev and dhcpd
In-Reply-To: <20170905053958.cjovejfwhcf6zwra@athena.coker.com.au>
References: <20170905053958.cjovejfwhcf6zwra@athena.coker.com.au>
Message-ID: <8811b99e-de0f-86da-6259-4a4c3efbeafa@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/05/2017 01:39 AM, Russell Coker via refpolicy wrote:
> Allow udev to talk to init via dbus and get generic unit status.
> 
> Add correct labeling for dhcpd6.leases file.
> 
> 
> Index: refpolicy-2.20170903/policy/modules/system/udev.te
> ===================================================================
> --- refpolicy-2.20170903.orig/policy/modules/system/udev.te
> +++ refpolicy-2.20170903/policy/modules/system/udev.te
> @@ -242,9 +242,14 @@ ifdef(`init_systemd',`
>   	fs_read_cgroup_files(udev_t)
>   
>   	init_dgram_send(udev_t)
> +	init_get_generic_units_status(udev_t)
> +	init_stream_connect(udev_t)
>   
>   	systemd_read_logind_sessions_files(udev_t)
>   	systemd_read_logind_pids(udev_t)
> +	optional_policy(`
> +		init_dbus_chat(udev_t)
> +	')
>   ',`
>   	fs_manage_tmpfs_dirs(udev_t)
>   	fs_manage_tmpfs_files(udev_t)
> Index: refpolicy-2.20170903/policy/modules/contrib/dhcp.fc
> ===================================================================
> --- refpolicy-2.20170903.orig/policy/modules/contrib/dhcp.fc
> +++ refpolicy-2.20170903/policy/modules/contrib/dhcp.fc
> @@ -8,5 +8,6 @@
>   
>   /var/lib/dhcpd(/.*)?	gen_context(system_u:object_r:dhcpd_state_t,s0)
>   /var/lib/dhcp(3)?/dhcpd\.leases.*	--	gen_context(system_u:object_r:dhcpd_state_t,s0)
> +/var/lib/dhcp/dhcpd6\.leases.*	--	gen_context(system_u:object_r:dhcpd_state_t,s0)
>   
>   /run/dhcpd(6)?\.pid	--	gen_context(system_u:object_r:dhcpd_var_run_t,s0)

Merged.

-- 
Chris PeBenito