On Mon, 2008-02-25 at 17:36 -0500, Mike Edenfield wrote:
> I'm trying to write a policy module for WPA (mostly for practice), to
> get rid of the numerous denials generated by the socket usage. I'm
> stuck trying to get the wpa_cli and wpa_supplicant processes to
> transition to the context I've defined for them, when launched out of
> init. They are holding the initrc_t context, even though I'm pretty
> sure I have everything set up properly.
|
Sorry for the slow response, but I was having some problems with my g.o
email. I don't see the transition from initrc_t to your domain. You
want to use the init_daemon_domain() interface.
|
> # Basic wpa_t domain and entry point.
> type wpa_t;
> type wpa_exec_t;
>
> domain_type(wpa_t)
> domain_entry_file(wpa_t, wpa_exec_t)
[...]
> /sbin/wpa_supplicant -- gen_context(system_u:object_r:wpa_exec_t, s0)
> /bin/wpa_cli -- gen_context(system_u:object_r:wpa_exec_t, s0)
> /bin/wpa_passphrase -- gen_context(system_u:object_r:wpa_exec_t, s0)
[...]
> # ps axZ | grep wpa
> system_u:system_r:initrc_t 3929 ? Ss 0:03 /sbin/wpa_supplicant
> system_u:system_r:initrc_t 3940 ? Ss 0:01 /bin/wpa_cli
|
--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
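
Added example, not part of the original thread: a triage script for the symptom in the quoted `ps axZ` output, daemons left running in initrc_t. It reads `ps -eo label,pid,args` lines and `stat -c '%C %n'` lines; both samples are constructed, and `triage_initrc` and `/usr/sbin/exampled` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample of `ps -eo label,pid,args` output.
# The two wpa entries mirror the symptom quoted in the thread.
PS_SAMPLE='system_u:system_r:initrc_t 3929 /sbin/wpa_supplicant
system_u:system_r:initrc_t 3940 /bin/wpa_cli
system_u:system_r:syslogd_t 3101 /usr/sbin/syslog-ng
system_u:system_r:initrc_t 4012 /usr/sbin/exampled'

# Constructed sample of `stat -c "%C %n" <path>` output (file context, path).
LABEL_SAMPLE='system_u:object_r:wpa_exec_t /sbin/wpa_supplicant
system_u:object_r:wpa_exec_t /bin/wpa_cli
system_u:object_r:bin_t /usr/sbin/exampled'

# triage_initrc PS_LINES LABEL_LINES
# Prints "pid path exec_type verdict" for every process still in initrc_t:
#   missing-transition  file has a dedicated *_exec_t type, yet the process
#                       stayed in initrc_t: the policy has no transition from
#                       initrc_t (what init_daemon_domain() supplies)
#   generic-label       file has no dedicated entry point type (check the
#                       file contexts and relabel)
#   unknown-label       no label information was supplied for the path
triage_initrc() {
    printf '%s\n' "$1" | LABELS="$2" awk '
    BEGIN {
        # Build path -> type map from the label lines.
        n = split(ENVIRON["LABELS"], row, "\n")
        for (i = 1; i <= n; i++) {
            split(row[i], f, " ")
            split(f[1], ctx, ":")
            exec_type[f[2]] = ctx[3]
        }
    }
    {
        split($1, ctx, ":")              # user:role:type[:level]
        if (ctx[3] != "initrc_t") next   # confined daemons are fine
        t = exec_type[$3]                # $3 is the executable path
        if (t == "") { t = "-"; verdict = "unknown-label" }
        else if (t ~ /_exec_t$/) verdict = "missing-transition"
        else verdict = "generic-label"
        print $2, $3, t, verdict
    }'
}

triage_initrc "$PS_SAMPLE" "$LABEL_SAMPLE"
```

A process may also show the old domain simply because it was started before the policy or labels changed, so restart the daemon before trusting the verdict.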