Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Tue, 13 Oct 2020 03:02:09
Message-Id: 1602450466.7e809e87c1da6253cba08a8d8603f78be8b52b64.perfinion@gentoo
commit: 7e809e87c1da6253cba08a8d8603f78be8b52b64
Author: Yi Zhao <yi.zhao <AT> windriver <DOT> com>
AuthorDate: Tue Sep 15 02:57:58 2020 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Oct 11 21:07:46 2020 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7e809e87

sysnet: allow dhcpcd to create socket file

dhcpcd needs to create a socket file under the /run/dhcpcd directory.

Fixes:
AVC avc: denied { create } for pid=331 comm="dhcpcd" name="eth0.sock"
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:object_r:dhcpc_runtime_t:s0 tclass=sock_file
permissive=0

AVC avc: denied { setattr } for pid=331 comm="dhcpcd"
name="eth0.sock" dev="tmpfs" ino=19153
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:object_r:dhcpc_runtime_t:s0 tclass=sock_file
permissive=0

AVC avc: denied { sendto } for pid=331 comm="dhcpcd"
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tclass=unix_dgram_socket permissive=0

Signed-off-by: Yi Zhao <yi.zhao <AT> windriver.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

policy/modules/system/sysnetwork.te | 2 ++
1 file changed, 2 insertions(+)

35 diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
36 index 83389037..9099802e 100644
37 --- a/policy/modules/system/sysnetwork.te
38 +++ b/policy/modules/system/sysnetwork.te
39 @@ -62,6 +62,7 @@ allow dhcpc_t self:packet_socket create_socket_perms;
40 allow dhcpc_t self:netlink_generic_socket create_socket_perms;
41 allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
42 allow dhcpc_t self:rawip_socket create_socket_perms;
43 +allow dhcpc_t self:unix_dgram_socket { create_socket_perms sendto };
44
45 allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
46 read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
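Review bot: the new `self:unix_dgram_socket { create_socket_perms sendto }` line matches the third AVC in the commit message (scontext and tcontext are both `dhcpc_t`, so `self` is the correct target) and follows the refpolicy idiom of listing `sendto` explicitly, since `create_socket_perms` does not include it. The only thing to confirm before merging is that `dhcpc_t` has no existing `unix_dgram_socket` rule elsewhere in the file, outside this hunk's context; if it does, the permissions belong on that line rather than on a second rule for the same class.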
47 @@ -74,6 +75,7 @@ allow dhcpc_t dhcpc_state_t:file map;
48
49 # create pid file
50 manage_files_pattern(dhcpc_t, dhcpc_runtime_t, dhcpc_runtime_t)
51 +manage_sock_files_pattern(dhcpc_t, dhcpc_runtime_t, dhcpc_runtime_t)
52 create_dirs_pattern(dhcpc_t, dhcpc_runtime_t, dhcpc_runtime_t)
53 # Create /var/run/dhcpc directory (state directory), needed for /run/dhcpc
54 # Gets done through the dhcpcd-hooks
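Review bot: the comment above this hunk still reads `# create pid file`, but the inserted `manage_sock_files_pattern(dhcpc_t, dhcpc_runtime_t, dhcpc_runtime_t)` covers the per-interface control socket (`eth0.sock` in the AVCs), so the comment should be updated to say what is now granted, for example `# create pid file and control socket`. `manage_sock_files_pattern` is broader than the `create` and `setattr` permissions the denials show, which is appropriate here because the daemon also needs to unlink the socket on shutdown, and the AVC `tcontext` confirms the socket is already labelled `dhcpc_runtime_t`, so no file-context change is needed alongside this rule.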