| 1 |
On 9 Dec 2016 16:29, "Robert Sharp" <selinux@×××××××××××××××.org> wrote: |
| 2 |
|
| 3 |
Just updated all my SELinux policies to 20161023-r1 as they are now stable, |
| 4 |
which undid one little fix, so I thought I would mention it. |
| 5 |
|
| 6 |
Sysnetwork.te does not cover the possibility that dhcpcd may run resolvconf |
| 7 |
from the dhcpc_script_t domain, which it seems is how my dhcpcd works. This |
| 8 |
is fixed by adding: |
| 9 |
|
| 10 |
optional_policy(` |
| 11 |
resolvconf_client_domain(dhcpc_script_t) |
| 12 |
') |
| 13 |
|
| 14 |
to the dhcpc_script policy (end of the file). It seems like a reasonable |
| 15 |
addition, given the same policy applies to the dhcpc_t domain. |
| 16 |
|
| 17 |
Not sure if this sort of proposal should be filed as a bug or just raised |
| 18 |
here? |
| 19 |
|
| 20 |
Robert Sharp |
| 21 |
|
| 22 |
Can you file a bug on bugs.gentoo.org and say this and also list the AVCs |
| 23 |
you get from audit.log? |
| 24 |
|
| 25 |
I have already prepared the -r2 release just haven't pushed it to the repo |
| 26 |
yet so I probably won't add to that cuz I don't want to do it last min. The |
| 27 |
-r2 policies will be out as soon as I figure out why the 4.8 kernel isn't |
| 28 |
booting for me. |
| 29 |
|
| 30 |
Thanks! |
| 31 |
Jason |
Archives