1 |
On 9 Dec 2016 16:29, "Robert Sharp" <selinux@×××××××××××××××.org> wrote: |
2 |
|
3 |
Just updated all my SELinux policies to 20161023-r1 as they are now stable, |
4 |
which undid one little fix, so I thought I would mention it. |
5 |
|
6 |
Sysnetwork.te does not cover the possibility that dhcpcd may run resolvconf |
7 |
from the dhcpc_script_t domain, which it seems is how my dhcpcd works. This |
8 |
is fixed by adding: |
9 |
|
10 |
optional_policy(` |
11 |
resolvconf_client_domain(dhcpc_script_t) |
12 |
') |
13 |
|
14 |
to the dhcpc_script policy (end of the file). It seems like a reasonable |
15 |
addition, given the same policy applies to the dhcpc_t domain. |
16 |
|
17 |
Not sure if this sort of proposal should be filed as a bug or just raised |
18 |
here? |
19 |
|
20 |
Robert Sharp |
21 |
|
22 |
Can you file a bug on bugs.gentoo.org and say this and also list the AVCs |
23 |
you get from audit.log? |
24 |
|
25 |
I have already prepared the -r2 release just haven't pushed it to the repo |
26 |
yet so I probably won't add to that cuz I don't want to do it last min. The |
27 |
-r2 policies will be out as soon as I figure out why the 4.8 kernel isn't |
28 |
booting for me. |
29 |
|
30 |
Thanks! |
31 |
Jason |