Chris PeBenito wrote:
> On Sun, 2008-03-09 at 09:43 -0400, Mike Edenfield wrote:
>> I've almost got my wpa policy module working properly, but something I
>> did along the way is causing the startup scripts to act kinda strange.
>> The wpa processes are now running under the domain I defined for them,
>> but so are a bunch of other network daemon processes that launch after WPA:
>>
>> system_u:system_r:wpa_t 3944 ? Ss 0:00 /sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -C/var/run
>> system_u:system_r:wpa_t 3955 ? Ss 0:00 /bin/wpa_cli -a/etc/wpa_supplicant/wpa_cli.sh -p/var/run/wpa_supplicant -
>> system_u:system_r:wpa_t 6834 ? Ss 0:00 sshd: kutulu [priv]
>> system_u:system_r:wpa_t 6836 ? S 0:00 sshd: kutulu@pts/0
>
> What did you do to fix the transition to get to wpa_t? Was it the same
> as my other response?

Yes, I added the init_daemon_domain rule to my policy, as you had
mentioned in your other email:

type wpa_t;
type wpa_exec_t;
init_daemon_domain(wpa_t, wpa_exec_t)
can_exec(wpa_t, wpa_exec_t)

I should have thought to do this earlier, but I eventually started using
the dhcp.te module from the ref policy as a basis, since it behaves
similarly to wpa_supplicant (at least, close enough for my purposes.)

> If starts/stops services based on network
> availability, you'd probably want a transition back to initrc_t
> (init_domtrans_script(wpa_t)). That's assuming it uses the init scripts
> to control the services.

I just added this rule as well, and it looks like you solved my last
little problem for me. Thanks a bunch for the help!

--Mike


--
gentoo-hardened@l.g.o mailing list
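
Added example, not part of the original message and not code from the reference policy: a check over ps axZ output that reports processes sitting in a confined domain where they do not belong, which is the symptom in the quoted listing when the transition back to initrc_t is missing. The ALLOWED mapping, the function names and the sample lines (modelled on the listing above, with one MLS-suffixed label and one sshd_t line constructed for contrast) are assumptions.

```python
import os

# Assumption: command names that are expected to run in each watched domain.
ALLOWED = {"wpa_t": {"wpa_supplicant", "wpa_cli"}}

# Constructed sample in "ps axZ" layout, modelled on the listing in the message.
SAMPLE = """\
LABEL                       PID TTY STAT TIME COMMAND
system_u:system_r:wpa_t    3944 ?   Ss   0:00 /sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf
system_u:system_r:wpa_t    3955 ?   Ss   0:00 /bin/wpa_cli -a/etc/wpa_supplicant/wpa_cli.sh
system_u:system_r:wpa_t    6834 ?   Ss   0:00 sshd: kutulu [priv]
system_u:system_r:wpa_t:s0 6836 ?   S    0:00 sshd: kutulu@pts/0
system_u:system_r:sshd_t   7001 ?   Ss   0:00 /usr/sbin/sshd
"""


def selinux_type(label):
    """Return the type field of a user:role:type[:mls-range] context."""
    parts = label.split(":", 3)
    return parts[2] if len(parts) >= 3 else None


def command_name(command):
    """Basename of argv[0]; sshd rewrites its title to 'sshd: user ...'."""
    argv0 = command.split()[0]
    return os.path.basename(argv0).rstrip(":")


def strays(ps_output, allowed=ALLOWED):
    """List (pid, type, name) for processes in a watched domain whose
    command is not one of the names expected in that domain."""
    found = []
    for line in ps_output.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[1].isdigit():
            continue  # header line or malformed row
        label, pid, command = fields[0], int(fields[1]), fields[5]
        domain = selinux_type(label)
        name = command_name(command)
        if domain in allowed and name not in allowed[domain]:
            found.append((pid, domain, name))
    return found


if __name__ == "__main__":
    for pid, domain, name in strays(SAMPLE):
        print(f"pid {pid}: {name} is running in {domain}")
```

On a live system the input would be the output of ps axZ; an empty result after a policy reload and service restart indicates the services started by wpa_cli are no longer inheriting wpa_t.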