* [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2
@ 2010-12-20 22:29 gizmo at giz-works.com
2011-01-05 15:33 ` Christopher J. PeBenito
0 siblings, 1 reply; 5+ messages in thread
From: gizmo at giz-works.com @ 2010-12-20 22:29 UTC (permalink / raw)
To: refpolicy
From: Chris Richards <gizmo@giz-works.com>
Allow the hostname daemon to configure the system hostname according
to information obtained from dhcpcd DHCP Client daemon.
Signed-off-by: Chris Richards <gizmo@giz-works.com>
---
policy/modules/system/hostname.te | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
index c310775..8509560 100644
--- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te
@@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)
logging_send_syslog_msg(hostname_t)
+sysnet_rw_dhcpc_stream_sockets(hostname_t)
+
miscfiles_read_localization(hostname_t)
sysnet_read_config(hostname_t)
--
1.7.3.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2
2010-12-20 22:29 [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2 gizmo at giz-works.com
@ 2011-01-05 15:33 ` Christopher J. PeBenito
2011-01-05 19:34 ` Chris Richards
0 siblings, 1 reply; 5+ messages in thread
From: Christopher J. PeBenito @ 2011-01-05 15:33 UTC (permalink / raw)
To: refpolicy
On 12/20/10 17:29, gizmo at giz-works.com wrote:
> From: Chris Richards <gizmo@giz-works.com>
>
> Allow the hostname daemon to configure the system hostname according
> to information obtained from dhcpcd DHCP Client daemon.
Are you sure these aren't from a leaked fd?
> Signed-off-by: Chris Richards <gizmo@giz-works.com>
> ---
> policy/modules/system/hostname.te | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
> index c310775..8509560 100644
> --- a/policy/modules/system/hostname.te
> +++ b/policy/modules/system/hostname.te
> @@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)
>
> logging_send_syslog_msg(hostname_t)
>
> +sysnet_rw_dhcpc_stream_sockets(hostname_t)
> +
> miscfiles_read_localization(hostname_t)
>
> sysnet_read_config(hostname_t)
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2
2011-01-05 15:33 ` Christopher J. PeBenito
@ 2011-01-05 19:34 ` Chris Richards
2011-01-06 13:03 ` Christopher J. PeBenito
0 siblings, 1 reply; 5+ messages in thread
From: Chris Richards @ 2011-01-05 19:34 UTC (permalink / raw)
To: refpolicy
On 01/05/2011 09:33 AM, Christopher J. PeBenito wrote:
> On 12/20/10 17:29, gizmo at giz-works.com wrote:
>> From: Chris Richards<gizmo@giz-works.com>
>>
>> Allow the hostname daemon to configure the system hostname according
>> to information obtained from dhcpcd DHCP Client daemon.
> Are you sure these aren't from a leaked fd?
>
Not 100%, no. How would I tell?
>> Signed-off-by: Chris Richards<gizmo@giz-works.com>
>> ---
>> policy/modules/system/hostname.te | 2 ++
>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>
>> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
>> index c310775..8509560 100644
>> --- a/policy/modules/system/hostname.te
>> +++ b/policy/modules/system/hostname.te
>> @@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)
>>
>> logging_send_syslog_msg(hostname_t)
>>
>> +sysnet_rw_dhcpc_stream_sockets(hostname_t)
>> +
>> miscfiles_read_localization(hostname_t)
>>
>> sysnet_read_config(hostname_t)
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2
2011-01-05 19:34 ` Chris Richards
@ 2011-01-06 13:03 ` Christopher J. PeBenito
2011-01-07 7:00 ` Chris Richards
0 siblings, 1 reply; 5+ messages in thread
From: Christopher J. PeBenito @ 2011-01-06 13:03 UTC (permalink / raw)
To: refpolicy
On 01/05/11 14:34, Chris Richards wrote:
> On 01/05/2011 09:33 AM, Christopher J. PeBenito wrote:
>> On 12/20/10 17:29, gizmo at giz-works.com wrote:
>>> From: Chris Richards<gizmo@giz-works.com>
>>>
>>> Allow the hostname daemon to configure the system hostname according
>>> to information obtained from dhcpcd DHCP Client daemon.
>> Are you sure these aren't from a leaked fd?
>>
> Not 100%, no. How would I tell?
Did you try dontauditing it? If its leaked it would work without the
access.
>>> Signed-off-by: Chris Richards<gizmo@giz-works.com>
>>> ---
>>> policy/modules/system/hostname.te | 2 ++
>>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
>>> index c310775..8509560 100644
>>> --- a/policy/modules/system/hostname.te
>>> +++ b/policy/modules/system/hostname.te
>>> @@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)
>>>
>>> logging_send_syslog_msg(hostname_t)
>>>
>>> +sysnet_rw_dhcpc_stream_sockets(hostname_t)
>>> +
>>> miscfiles_read_localization(hostname_t)
>>>
>>> sysnet_read_config(hostname_t)
>>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2
2011-01-06 13:03 ` Christopher J. PeBenito
@ 2011-01-07 7:00 ` Chris Richards
0 siblings, 0 replies; 5+ messages in thread
From: Chris Richards @ 2011-01-07 7:00 UTC (permalink / raw)
To: refpolicy
On 01/06/2011 07:03 AM, Christopher J. PeBenito wrote:
> On 01/05/11 14:34, Chris Richards wrote:
>> On 01/05/2011 09:33 AM, Christopher J. PeBenito wrote:
>>> On 12/20/10 17:29, gizmo at giz-works.com wrote:
>>>> From: Chris Richards<gizmo@giz-works.com>
>>>>
>>>> Allow the hostname daemon to configure the system hostname according
>>>> to information obtained from dhcpcd DHCP Client daemon.
>>> Are you sure these aren't from a leaked fd?
>>>
>> Not 100%, no. How would I tell?
> Did you try dontauditing it? If its leaked it would work without the
> access.
I am unable to reproduce even the AVC that caused this. Since this was
a corner-case anyway, let's just table this patch for the time being.
It's not going to affect very many people, and if I can reproduce it,
I'll see if I can investigate it a bit more thoroughly.
>>>> Signed-off-by: Chris Richards<gizmo@giz-works.com>
>>>> ---
>>>> policy/modules/system/hostname.te | 2 ++
>>>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>>>
>>>> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
>>>> index c310775..8509560 100644
>>>> --- a/policy/modules/system/hostname.te
>>>> +++ b/policy/modules/system/hostname.te
>>>> @@ -49,6 +49,8 @@ init_use_script_ptys(hostname_t)
>>>>
>>>> logging_send_syslog_msg(hostname_t)
>>>>
>>>> +sysnet_rw_dhcpc_stream_sockets(hostname_t)
>>>> +
>>>> miscfiles_read_localization(hostname_t)
>>>>
>>>> sysnet_read_config(hostname_t)
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-01-07 7:00 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-12-20 22:29 [refpolicy] [PATCH 1/1] hostname daemon init hostname from dhcpcd, try 2 gizmo at giz-works.com
2011-01-05 15:33 ` Christopher J. PeBenito
2011-01-05 19:34 ` Chris Richards
2011-01-06 13:03 ` Christopher J. PeBenito
2011-01-07 7:00 ` Chris Richards
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.