* [refpolicy] [PATCH 2/2] DHCPC daemon init network interface, try 2
From: gizmo at giz-works.com @ 2010-12-20 22:29 UTC
To: refpolicy
From: Chris Richards <gizmo@giz-works.com>

Allow dhcpcd DHCP Client daemon to start. Add interface to allow
hostname daemon to talk to dhcpcd.

Signed-off-by: Chris Richards <gizmo@giz-works.com>
---
policy/modules/system/sysnetwork.te | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index dfbe736..e0838f8 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
allow dhcpc_t self:tcp_socket create_stream_socket_perms;
allow dhcpc_t self:udp_socket create_socket_perms;
allow dhcpc_t self:packet_socket create_socket_perms;
-allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
+allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
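Review bot: the new netlink_route_socket rule replaces an explicit set that named only nlmsg_read with the create_netlink_socket_perms macro, and the commit message does not say which additional permission dhcpcd was denied. A reviewer has to expand the macro to see what is granted beyond nlmsg_read. Please quote the denial that motivated the change, or add a sentence on why the daemon needs more than read access to the routing netlink socket, so the wider grant can be judged against least privilege for dhcpc_t.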
@@ -81,7 +81,7 @@ domtrans_pattern(dhcpc_t, ifconfig_exec_t, ifconfig_t)
kernel_read_system_state(dhcpc_t)
kernel_read_network_state(dhcpc_t)
-kernel_search_network_sysctl(dhcpc_t)
+kernel_rw_network_sysctls(dhcpc_t)
kernel_read_kernel_sysctls(dhcpc_t)
kernel_request_load_module(dhcpc_t)
kernel_use_fds(dhcpc_t)
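Review bot: kernel_rw_network_sysctls(dhcpc_t) moves dhcpc_t from what the removed interface name describes as search access straight to read/write on network sysctls, with no reason given. Please name the sysctl dhcpcd has to write, or quote the denial, in the commit message, and grant read-only access if reads are all that is needed. The message also says an interface is added for the hostname daemon, but the diffstat shows only these two changed lines in sysnetwork.te, so either that sentence belongs to another patch in the series or the interface change is missing from this one.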
--
1.7.3.2
* [refpolicy] [PATCH 2/2] DHCPC daemon init network interface, try 2
From: Dominick Grift @ 2010-12-20 22:31 UTC
To: refpolicy
On 12/20/2010 11:29 PM, gizmo at giz-works.com wrote:
> From: Chris Richards <gizmo@giz-works.com>
>
> Allow dhcpcd DHCP Client daemon to start. Add interface to allow
> hostname daemon to talk to dhcpcd.
>
> Signed-off-by: Chris Richards <gizmo@giz-works.com>
> ---
> policy/modules/system/sysnetwork.te | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
> index dfbe736..e0838f8 100644
> --- a/policy/modules/system/sysnetwork.te
> +++ b/policy/modules/system/sysnetwork.te
> @@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
> allow dhcpc_t self:tcp_socket create_stream_socket_perms;
> allow dhcpc_t self:udp_socket create_socket_perms;
> allow dhcpc_t self:packet_socket create_socket_perms;
> -allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
I might be wrong but are you sure that "r_netlink_socket_perms" is not
enough?
> +allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
>
> allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
> read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
> @@ -81,7 +81,7 @@ domtrans_pattern(dhcpc_t, ifconfig_exec_t, ifconfig_t)
>
> kernel_read_system_state(dhcpc_t)
> kernel_read_network_state(dhcpc_t)
> -kernel_search_network_sysctl(dhcpc_t)
> +kernel_rw_network_sysctls(dhcpc_t)
> kernel_read_kernel_sysctls(dhcpc_t)
> kernel_request_load_module(dhcpc_t)
> kernel_use_fds(dhcpc_t)
* [refpolicy] [PATCH 2/2] DHCPC daemon init network interface, try 2
From: Daniel J Walsh @ 2010-12-21 13:47 UTC
To: refpolicy
On 12/20/2010 05:31 PM, Dominick Grift wrote:
> On 12/20/2010 11:29 PM, gizmo at giz-works.com wrote:
>> From: Chris Richards <gizmo@giz-works.com>
>
>> Allow dhcpcd DHCP Client daemon to start. Add interface to allow
>> hostname daemon to talk to dhcpcd.
>
>> Signed-off-by: Chris Richards <gizmo@giz-works.com>
>> ---
>> policy/modules/system/sysnetwork.te | 4 ++--
>> 1 files changed, 2 insertions(+), 2 deletions(-)
>
>> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
>> index dfbe736..e0838f8 100644
>> --- a/policy/modules/system/sysnetwork.te
>> +++ b/policy/modules/system/sysnetwork.te
>> @@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
>> allow dhcpc_t self:tcp_socket create_stream_socket_perms;
>> allow dhcpc_t self:udp_socket create_socket_perms;
>> allow dhcpc_t self:packet_socket create_socket_perms;
>> -allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
>
> I might be wrong but are you sure that "r_netlink_socket_perms" is not
> enough?
>
>> +allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
>
This would allow it to modify the routing table, which might make sense
for dhcp clients.
>> allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
>> read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
>> @@ -81,7 +81,7 @@ domtrans_pattern(dhcpc_t, ifconfig_exec_t, ifconfig_t)
>
>> kernel_read_system_state(dhcpc_t)
>> kernel_read_network_state(dhcpc_t)
>> -kernel_search_network_sysctl(dhcpc_t)
>> +kernel_rw_network_sysctls(dhcpc_t)
>> kernel_read_kernel_sysctls(dhcpc_t)
>> kernel_request_load_module(dhcpc_t)
>> kernel_use_fds(dhcpc_t)
>
_______________________________________________
refpolicy mailing list
refpolicy at oss.tresys.com
http://oss.tresys.com/mailman/listinfo/refpolicy