| 1 |
Markus Bartl wrote: |
| 2 |
|
| 3 |
> Ok thats one thing. |
| 4 |
> But the real nasty thing is the denial of write access to resolv.conf |
| 5 |
> which leads to an improper network configuration. |
| 6 |
> I would really be happy about any suggestions. |
| 7 |
|
| 8 |
What kind of network setup do you have in your conf.d/net file? It's |
| 9 |
not your dhcp client that is being denied access -- it's runscript.sh |
| 10 |
itself. Your dhcp client should be running it its own context (dhcpc_t) |
| 11 |
which has the proper access. |
| 12 |
|
| 13 |
And, as always, if the policy on your system is missing something you |
| 14 |
need to boot, it's fairly straightforward to make a local policy module. |
| 15 |
You can then use audit2allow and pipe those avc messages through it. |
| 16 |
A good tutorial can be found here: |
| 17 |
|
| 18 |
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=3&chap=5 |
Archives