* [refpolicy] [PATCH] sysnetwork: dhcpc binds socket to random high udp ports sysnetwork: do not audit attempts by ifconfig to read, and write dhcpc udp sockets (looks like a leaked fd)
@ 2013-09-27  9:35 Dominick Grift
  2013-09-27 21:05 ` Christopher J. PeBenito
  0 siblings, 1 reply; 3+ messages in thread
From: Dominick Grift @ 2013-09-27  9:35 UTC
  To: refpolicy


Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 9476a7e..9fbb331 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -111,7 +111,9 @@
 corenet_udp_bind_dhcpc_port(dhcpc_t)
 corenet_tcp_connect_all_ports(dhcpc_t)
 corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
-corenet_sendrecv_dhcpc_server_packets(dhcpc_t)
+
+corenet_sendrecv_all_server_packets(dhcpc_t)
+corenet_udp_bind_all_unreserved_ports(dhcpc_t)
 
 dev_read_sysfs(dhcpc_t)
 # for SSP:
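Review bot: Swapping corenet_sendrecv_dhcpc_server_packets(dhcpc_t) for corenet_sendrecv_all_server_packets(dhcpc_t) is a much wider grant than the subject line justifies, since the subject only mentions binding to random high UDP ports. If the bind to unreserved ports is the observed behaviour, consider keeping the dhcpc-specific sendrecv line and adding only corenet_udp_bind_all_unreserved_ports(dhcpc_t), or explain in the commit message (which currently has no body) why sendrecv on all server packet types is needed. A comment above the two new lines naming the client that triggers this would help later readers decide whether the rule can be narrowed or put behind a tunable, and the blank line added before them can be dropped unless it is meant to set the pair apart.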
@@ -313,6 +315,8 @@
 
 seutil_use_runinit_fds(ifconfig_t)
 
+sysnet_dontaudit_rw_dhcpc_udp_sockets(ifconfig_t)
+
 userdom_use_user_terminals(ifconfig_t)
 userdom_use_all_users_fds(ifconfig_t)
 
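Review bot: The sysnet_dontaudit_rw_dhcpc_udp_sockets(ifconfig_t) line silences the denial without recording why, and the only rationale ("looks like a leaked fd") lives in the subject line. Add a short comment above the line stating that this is a suspected descriptor leak from dhcpc into ifconfig, so the rule can be removed if the leak is fixed at the source. The diff shown touches only sysnetwork.te, so it is also worth confirming that the interface is already defined in sysnetwork.if; otherwise the patch needs that hunk too. Since this change is unrelated to the port-binding change in the first hunk, splitting it into its own patch would make each easier to accept or revert.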


* [refpolicy] [PATCH] sysnetwork: dhcpc binds socket to random high udp ports sysnetwork: do not audit attempts by ifconfig to read, and write dhcpc udp sockets (looks like a leaked fd)
  2013-09-27  9:35 [refpolicy] [PATCH] sysnetwork: dhcpc binds socket to random high udp ports sysnetwork: do not audit attempts by ifconfig to read, and write dhcpc udp sockets (looks like a leaked fd) Dominick Grift
@ 2013-09-27 21:05 ` Christopher J. PeBenito
  2013-09-27 21:09   ` Dominick Grift
  0 siblings, 1 reply; 3+ messages in thread
From: Christopher J. PeBenito @ 2013-09-27 21:05 UTC
  To: refpolicy

On Fri 27 Sep 2013 05:35:41 AM EDT, Dominick Grift wrote:
>
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
> index 9476a7e..9fbb331 100644
> --- a/policy/modules/system/sysnetwork.te
> +++ b/policy/modules/system/sysnetwork.te
> @@ -111,7 +111,9 @@
>  corenet_udp_bind_dhcpc_port(dhcpc_t)
>  corenet_tcp_connect_all_ports(dhcpc_t)
>  corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
> -corenet_sendrecv_dhcpc_server_packets(dhcpc_t)
> +
> +corenet_sendrecv_all_server_packets(dhcpc_t)
> +corenet_udp_bind_all_unreserved_ports(dhcpc_t)

I'm anxious about allowing.  Which dhcpc is doing this?

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


* [refpolicy] [PATCH] sysnetwork: dhcpc binds socket to random high udp ports sysnetwork: do not audit attempts by ifconfig to read, and write dhcpc udp sockets (looks like a leaked fd)
  2013-09-27 21:05 ` Christopher J. PeBenito
@ 2013-09-27 21:09   ` Dominick Grift
  0 siblings, 0 replies; 3+ messages in thread
From: Dominick Grift @ 2013-09-27 21:09 UTC
  To: refpolicy

On Fri, 2013-09-27 at 17:05 -0400, Christopher J. PeBenito wrote:
> On Fri 27 Sep 2013 05:35:41 AM EDT, Dominick Grift wrote:
> >
> > Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> > diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
> > index 9476a7e..9fbb331 100644
> > --- a/policy/modules/system/sysnetwork.te
> > +++ b/policy/modules/system/sysnetwork.te
> > @@ -111,7 +111,9 @@
> >  corenet_udp_bind_dhcpc_port(dhcpc_t)
> >  corenet_tcp_connect_all_ports(dhcpc_t)
> >  corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
> > -corenet_sendrecv_dhcpc_server_packets(dhcpc_t)
> > +
> > +corenet_sendrecv_all_server_packets(dhcpc_t)
> > +corenet_udp_bind_all_unreserved_ports(dhcpc_t)
> 
> I'm anxious about allowing.  Which dhcpc is doing this?

dhclient. This is also allowed on Fedora and seems very common. I don't like
it either, but there is little we can do about it.
> 
> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com

