From mboxrd@z Thu Jan 1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 26 Sep 2013 09:41:48 -0400
Subject: [refpolicy] [PATCH 19/20] udev: This is specific to debian i think. Some how the /usr/lib/avahi/avahi-daemon-check-dns\.sh ends up in the udev_t domain
In-Reply-To: <1380030029-25640-1-git-send-email-dominick.grift@gmail.com>
References: <1380030029-25640-1-git-send-email-dominick.grift@gmail.com>
Message-ID: <5244399C.3040407@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue 24 Sep 2013 09:40:29 AM EDT, Dominick Grift wrote:
> The script basically does what the name suggests, and additionally it
> needs to be able to stop and start avahi-daemon via its init script
>
> Signed-off-by: Dominick Grift
> --- > policy/modules/system/udev.te | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te > index d8b9856..6a5e1e2 100644 > --- a/policy/modules/system/udev.te > +++ b/policy/modules/system/udev.te > @@ -177,6 +177,16 @@ sysnet_etc_filetrans_config(udev_t) > > userdom_dontaudit_search_user_home_content(udev_t) > > +ifdef(`distro_debian',` > + optional_policy(` > + kernel_read_vm_sysctls(udev_t) > + corenet_udp_bind_generic_node(udev_t) > + miscfiles_read_generic_certs(udev_t) > + avahi_initrc_domtrans(udev_t) > + avahi_manage_pid_files(udev_t) > + ') > +') > + > ifdef(`distro_gentoo',` > # during boot, init scripts use /dev/.rcsysinit > # existance to determine if we are in early booting

Merged.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
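
Review bot: The added distro_debian block in the quoted udev.te hunk has no comment saying why udev_t needs these rules, while the distro_gentoo block right below it explains itself; a short comment naming /usr/lib/avahi/avahi-daemon-check-dns.sh as the reason would keep the grants auditable. Two of the five calls, corenet_udp_bind_generic_node(udev_t) and avahi_manage_pid_files(udev_t), extend to every process running in udev_t and not only to the script, and the subject line itself says the script "some how" ends up in udev_t, so it is worth checking whether a domain transition for the script would confine these permissions better than granting them to udev_t as a whole. The first three calls (kernel_read_vm_sysctls, corenet_udp_bind_generic_node, miscfiles_read_generic_certs) are not avahi interfaces, so placing them inside optional_policy makes them depend on the avahi module being present; if that coupling is intended, the comment should say so.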