hostname: do not audit attempts by hostname to read and write dhcpc udp sockets (looks like a leaked fd)

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift 2013-09-27 10:36:14 +02:00 committed by Chris PeBenito
parent 48554d9376
commit 0857061b58
2 changed files with 20 additions and 0 deletions


@ -51,6 +51,7 @@ logging_send_syslog_msg(hostname_t)
miscfiles_read_localization(hostname_t)
sysnet_dontaudit_rw_dhcpc_udp_sockets(hostname_t)
sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t)
sysnet_read_config(hostname_t)
sysnet_dns_name_resolve(hostname_t)
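Review bot: The `sysnet_dontaudit_rw_dhcpc_udp_sockets(hostname_t)` line has no comment recording why the denial is silenced; I take it to be the added line from the commit title, since the +/- markers are lost on this page. A dontaudit rule drops the AVC record for every read/write attempt by hostname_t on dhcpc_t udp sockets. If the descriptor is inherited from dhcpc, as the commit message suspects, the leak itself stays unfixed and no longer shows in the audit log. I would add a line above the call such as `# dhcpc appears to leak its udp socket fd to hostname; access stays denied, only the audit record is dropped`, and track closing the descriptor on the dhcpc side. When debugging, the hidden denial can be re-exposed with `semodule -DB`.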


@ -45,6 +45,25 @@ interface(`sysnet_run_dhcpc',`
roleattribute $2 dhcpc_roles;
')
########################################
## <summary>
## Do not audit attempts to read and
## write dhcpc udp socket descriptors.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`sysnet_dontaudit_rw_dhcpc_udp_sockets',`
gen_require(`
type dhcpc_t;
')
dontaudit $1 dhcpc_t:udp_socket { read write };
')
########################################
## <summary>
## Do not audit attempts to use