| 1 |
On Mon, 2008-02-25 at 17:36 -0500, Mike Edenfield wrote: |
| 2 |
> I'm trying to write a policy module for WPA (mostly for practice), to |
| 3 |
> get rid of the numerous denials generated by the socket usage. I'm |
| 4 |
> stuck trying to get the wpa_cli and wpa_supplicant processes to |
| 5 |
> transition to the context I've defined for them, when launched out of |
| 6 |
> init. They are holding the initrc_t context, even though I'm pretty |
| 7 |
> sure I have everything set up properly. |
| 8 |
|
| 9 |
Sorry for the slow response, but I was having some problems with my g.o |
| 10 |
email. I don't see the transition from initrc_t to your domain. You |
| 11 |
want to use the init_daemon_domain() interface. |
| 12 |
|
| 13 |
> # Basic wpa_t domain and entry point. |
| 14 |
> type wpa_t; |
| 15 |
> type wpa_exec_t; |
| 16 |
> |
| 17 |
> domain_type(wpa_t) |
| 18 |
> domain_entry_file(wpa_t, wpa_exec_t) |
| 19 |
[...] |
| 20 |
> /sbin/wpa_supplicant -- gen_context(system_u:object_r:wpa_exec_t, s0) |
| 21 |
> /bin/wpa_cli -- gen_context(system_u:object_r:wpa_exec_t, s0) |
| 22 |
> /bin/wpa_passphrase -- gen_context(system_u:object_r:wpa_exec_t, s0) |
| 23 |
[...] |
| 24 |
> # ps axZ | grep wpa |
| 25 |
> system_u:system_r:initrc_t 3929 ? Ss 0:03 |
| 26 |
> /sbin/wpa_supplicant |
| 27 |
> system_u:system_r:initrc_t 3940 ? Ss 0:01 /bin/wpa_cli |
| 28 |
|
| 29 |
-- |
| 30 |
Chris PeBenito |
| 31 |
<pebenito@g.o> |
| 32 |
Developer, |
| 33 |
Hardened Gentoo Linux |
| 34 |
|
| 35 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 36 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives