LinuxLists.cc - [refpolicy] [PATCH] udev and dhcpd

2017-09-05 05:39:58

Subject: [refpolicy] [PATCH] udev and dhcpd

Allow udev to talk to init via dbus and get generic unit status.

Add correct labeling for dhcpd6.leases file.

Index: refpolicy-2.20170903/policy/modules/system/udev.te
===================================================================
--- refpolicy-2.20170903.orig/policy/modules/system/udev.te
+++ refpolicy-2.20170903/policy/modules/system/udev.te
@@ -242,9 +242,14 @@ ifdef(`init_systemd',`
fs_read_cgroup_files(udev_t)

init_dgram_send(udev_t)
+ init_get_generic_units_status(udev_t)
+ init_stream_connect(udev_t)

systemd_read_logind_sessions_files(udev_t)
systemd_read_logind_pids(udev_t)
+ optional_policy(`
+ init_dbus_chat(udev_t)
+ ')
',`
fs_manage_tmpfs_dirs(udev_t)
fs_manage_tmpfs_files(udev_t)
Index: refpolicy-2.20170903/policy/modules/contrib/dhcp.fc
===================================================================
--- refpolicy-2.20170903.orig/policy/modules/contrib/dhcp.fc
+++ refpolicy-2.20170903/policy/modules/contrib/dhcp.fc
@@ -8,5 +8,6 @@

/var/lib/dhcpd(/.*)? gen_context(system_u:object_r:dhcpd_state_t,s0)
/var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)
+/var/lib/dhcp/dhcpd6\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)

/run/dhcpd(6)?\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0)

2017-09-06 15:04:50

by Chris PeBenito

[permalink] [raw]

Subject: [refpolicy] [PATCH] udev and dhcpd

On 09/05/2017 01:39 AM, Russell Coker via refpolicy wrote:
> Allow udev to talk to init via dbus and get generic unit status.
>
> Add correct labeling for dhcpd6.leases file.
>
>
> Index: refpolicy-2.20170903/policy/modules/system/udev.te
> ===================================================================
> --- refpolicy-2.20170903.orig/policy/modules/system/udev.te
> +++ refpolicy-2.20170903/policy/modules/system/udev.te
> @@ -242,9 +242,14 @@ ifdef(`init_systemd',`
> fs_read_cgroup_files(udev_t)
>
> init_dgram_send(udev_t)
> + init_get_generic_units_status(udev_t)
> + init_stream_connect(udev_t)
>
> systemd_read_logind_sessions_files(udev_t)
> systemd_read_logind_pids(udev_t)
> + optional_policy(`
> + init_dbus_chat(udev_t)
> + ')
> ',`
> fs_manage_tmpfs_dirs(udev_t)
> fs_manage_tmpfs_files(udev_t)
> Index: refpolicy-2.20170903/policy/modules/contrib/dhcp.fc
> ===================================================================
> --- refpolicy-2.20170903.orig/policy/modules/contrib/dhcp.fc
> +++ refpolicy-2.20170903/policy/modules/contrib/dhcp.fc
> @@ -8,5 +8,6 @@
>
> /var/lib/dhcpd(/.*)? gen_context(system_u:object_r:dhcpd_state_t,s0)
> /var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)
> +/var/lib/dhcp/dhcpd6\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)
>
> /run/dhcpd(6)?\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0)

Merged.

--
Chris PeBenito