1 |
Markus Bartl wrote: |
2 |
|
3 |
> Ok thats one thing. |
4 |
> But the real nasty thing is the denial of write access to resolv.conf |
5 |
> which leads to an improper network configuration. |
6 |
> I would really be happy about any suggestions. |
7 |
|
8 |
What kind of network setup do you have in your conf.d/net file? It's |
9 |
not your dhcp client that is being denied access -- it's runscript.sh |
10 |
itself. Your dhcp client should be running it its own context (dhcpc_t) |
11 |
which has the proper access. |
12 |
|
13 |
And, as always, if the policy on your system is missing something you |
14 |
need to boot, it's fairly straightforward to make a local policy module. |
15 |
You can then use audit2allow and pipe those avc messages through it. |
16 |
A good tutorial can be found here: |
17 |
|
18 |
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=3&chap=5 |