From 0857061b58e5ec0bf00e78839254f21519ed55d4 Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Fri, 27 Sep 2013 10:36:14 +0200
Subject: [PATCH] hostname: do not audit attempts by hostname to read and write dhcpc udp sockets (looks like a leaked fd)

Signed-off-by: Dominick Grift
---
 policy/modules/system/hostname.te | 1 +
 policy/modules/system/sysnetwork.if | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
index f6cbda923..380197b21 100644
--- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te
@@ -51,6 +51,7 @@ logging_send_syslog_msg(hostname_t)
 miscfiles_read_localization(hostname_t)
+sysnet_dontaudit_rw_dhcpc_udp_sockets(hostname_t)
 sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t)
 sysnet_read_config(hostname_t)
 sysnet_dns_name_resolve(hostname_t)
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 52b548cee..2cea692c0 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -45,6 +45,25 @@ interface(`sysnet_run_dhcpc',`
 roleattribute $2 dhcpc_roles;
 ')
+########################################
+##
+## Do not audit attempts to read and
+## write dhcpc udp socket descriptors.
+##
+##
+## Domain to not audit.
+##
+## #
+interface(`sysnet_dontaudit_rw_dhcpc_udp_sockets',`
+ gen_require(`
+ type dhcpc_t;
+ ')
+
+ dontaudit $1 dhcpc_t:udp_socket { read write };
+')
+
 ########################################
 ##
 ## Do not audit attempts to use
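Review bot: The new interface records nothing about why hostname_t ends up holding a dhcpc udp socket, so a later reader of `dontaudit $1 dhcpc_t:udp_socket { read write };` cannot tell whether the access is expected or a workaround. The commit message says the descriptor looks like a leaked fd; a comment on the line above the rule, e.g. `# descriptor appears to be inherited from dhcpc across exec (leaked fd); silence rather than allow`, would keep that context with the policy, and the same applies to the call added in hostname.te. The interface appears to parallel sysnet_dontaudit_rw_dhcpc_unix_stream_sockets, whose body is outside this diff, so if the leak is later closed on the dhcpc side both dontaudit rules should be revisited together. Using dontaudit rather than allow is the right choice here: hostname_t still cannot read or write the socket, only the audit noise is suppressed.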