I've almost got my wpa policy module working properly, but something I
did along the way is causing the startup scripts to act kinda strange.
The wpa processes are now running under the domain I defined for them,
but so are a bunch of other network daemon processes that launch after WPA:

system_u:system_r:wpa_t 3944 ? Ss 0:00 /sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -C/var/run
system_u:system_r:wpa_t 3955 ? Ss 0:00 /bin/wpa_cli -a/etc/wpa_supplicant/wpa_cli.sh -p/var/run/wpa_supplicant -
system_u:system_r:wpa_t 6834 ? Ss 0:00 sshd: kutulu [priv]
system_u:system_r:wpa_t 6836 ? S 0:00 sshd: kutulu@pts/0
system_u:system_r:dhcpc_t 10500 ? Ss 0:00 /sbin/dhcpcd -h songbird -m 2000 eth0
system_u:system_r:wpa_t 10695 ? Ss 0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid
system_u:system_r:wpa_t 10753 ? Ss 0:00 /usr/sbin/smbd -D
system_u:system_r:wpa_t 10757 ? S 0:00 /usr/sbin/smbd -D
system_u:system_r:wpa_t 10763 ? Ss 0:00 /usr/sbin/nmbd -D
system_u:system_r:wpa_t 10821 ? Ss 0:00 /usr/sbin/sshd

I forced dhcpcd to run in the correct domain by adding an explicit
domain_auto_trans rule for wpa_t -> dhcpc_exec_t -> dhcpc_t, which
solved that specific problem. The other processes sometimes run
correctly, sometimes run as wpa_t, but at least one always seems to be
an issue. I'm pretty sure I'm fixing the problem the wrong way by
adding all these transition rules, and I'm not sure why this is
happening to begin with.

Has anyone seen this before? Is there something simple I'm missing from
my policy module (I hope!)?

Thanks,

--Mike
--
gentoo-hardened@l.g.o mailing list
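
A check for the symptom described in the message above, added here as an example and not part of the original post: it parses a process listing in the same column layout as the one Mike pasted and reports every process that sits in wpa_t without being one of the wpa binaries. The function names, the sample text and the assumption that only wpa_supplicant and wpa_cli belong in wpa_t are mine.

```python
import os

# Constructed sample, modelled on the listing in the post (one process per line).
SAMPLE_PS = """\
LABEL PID TTY STAT TIME COMMAND
system_u:system_r:wpa_t 3944 ? Ss 0:00 /sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf
system_u:system_r:wpa_t 3955 ? Ss 0:00 /bin/wpa_cli -a/etc/wpa_supplicant/wpa_cli.sh
system_u:system_r:wpa_t 6834 ? Ss 0:00 sshd: kutulu [priv]
system_u:system_r:dhcpc_t 10500 ? Ss 0:00 /sbin/dhcpcd -h songbird -m 2000 eth0
system_u:system_r:wpa_t 10695 ? Ss 0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid
system_u:system_r:wpa_t 10753 ? Ss 0:00 /usr/sbin/smbd -D
system_u:system_r:wpa_t 10821 ? Ss 0:00 /usr/sbin/sshd
"""


def parse_ps_line(line):
    """Return (domain, pid, executable name) or None for headers and junk."""
    fields = line.split(None, 5)  # label pid tty stat time command...
    if len(fields) < 6:
        return None
    label, pid, _tty, _stat, _time, command = fields
    parts = label.split(":")  # user:role:type[:mls-range]
    if len(parts) < 3 or not pid.isdigit():
        return None
    # sshd rewrites its title to "sshd: user ...", so drop a trailing colon.
    exe = os.path.basename(command.split()[0]).rstrip(":")
    return parts[2], int(pid), exe


def find_strays(ps_text, domain="wpa_t",
                expected=("wpa_supplicant", "wpa_cli")):
    """List (pid, exe) for processes in `domain` that are not in `expected`.

    `expected` is an assumption about which binaries the module is meant
    to confine; adjust it to match the policy being tested.
    """
    strays = []
    for line in ps_text.splitlines():
        parsed = parse_ps_line(line)
        if parsed is None:
            continue
        proc_domain, pid, exe = parsed
        if proc_domain == domain and exe not in expected:
            strays.append((pid, exe))
    return strays


if __name__ == "__main__":
    for pid, exe in find_strays(SAMPLE_PS):
        print(f"pid {pid}: {exe} is running in wpa_t")
```

Run after each policy reload and service restart, an empty result means no daemon has inherited the wpa domain.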