From mboxrd@z Thu Jan  1 00:00:00 1970
From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 9 May 2013 18:12:31 +0200
Subject: [refpolicy] [PATCH 2/2] Support IPv6 Neighbor Discovery
 Protocol for dhcpcd
In-Reply-To: <518BA0A3.5040501@tresys.com>
References: <1367951826-21257-1-git-send-email-sven.vermeulen@siphos.be>
	<1367951826-21257-3-git-send-email-sven.vermeulen@siphos.be>
	<518BA0A3.5040501@tresys.com>
Message-ID: <20130509161231.GA4209@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, May 09, 2013 at 09:12:03AM -0400, Christopher J. PeBenito wrote:
> On 05/07/13 14:37, Sven Vermeulen wrote:
> > The dhcpcd client supports IPv6 NDP, but when trying to use it the request fails
> > with:
> > 
> >   ipv6rs: Permission denied
> > 
> > In the audit log, a denial is shown about dhcpc_t wanting to create a
> > rawip_socket. After allowing this, the client succeeds.
> 
> Thats odd; I don't see this on my IPv6 system.  Which version of dhcpcd is this seen on?  I'm using 5.6.8.

I'm using dhcpcd-5.6.4 currently; I use the "-t 5 -L --ipv6ra_own"
options.

I tried it again (disabled the rule):

 * Bringing up interface eth0
 *   dhcp ...
 *     Running dhcpcd ...
dhcpcd[19528]: version 5.6.4 starting
dhcpcd[19528]: all: disabling Kernel IPv6 RA support
dhcpcd[19528]: ipv6rs: Permission denied
dhcpcd[19528]: ipv6nd: Permission denied
dhcpcd[19528]: eth0: broadcasting for a lease
dhcpcd[19528]: timed out
dhcpcd[19528]: all: restoring Kernel IPv6 RA support
 * ERROR: net.eth0 failed to start

I'll update to 5.6.8 soon and see if it persists.

Wkr,
	Sven Vermeulen