RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sysnet: allow dhcpcd to create socket file 

The dhcpcd needs to create socket file under /run/dhcpcd directory.

Fixes:
AVC avc:  denied  { create } for  pid=331 comm="dhcpcd" name="eth0.sock"
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:object_r:dhcpc_runtime_t:s0 tclass=sock_file
permissive=0

AVC avc:  denied  { setattr } for  pid=331 comm="dhcpcd"
name="eth0.sock" dev="tmpfs" ino=19153
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:object_r:dhcpc_runtime_t:s0 tclass=sock_file
permissive=0

AVC avc:  denied  { sendto } for  pid=331 comm="dhcpcd"
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tclass=unix_dgram_socket permissive=0

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This commit is contained in:
Yi Zhao 2020-09-15 10:57:58 +08:00
parent c33866e1f6
commit 25251b1f3b
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/sysnetwork.te
View File

@ -62,6 +62,7 @@ allow dhcpc_t self:packet_socket create_socket_perms;
allow dhcpc_t self:netlink_generic_socket create_socket_perms; allow dhcpc_t self:netlink_generic_socket create_socket_perms;
allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms; allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
allow dhcpc_t self:rawip_socket create_socket_perms; allow dhcpc_t self:rawip_socket create_socket_perms;
allow dhcpc_t self:unix_dgram_socket { create_socket_perms sendto };
allow dhcpc_t dhcp_etc_t:dir list_dir_perms; allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t) read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
@ -74,6 +75,7 @@ allow dhcpc_t dhcpc_state_t:file map;
# create pid file # create pid file
manage_files_pattern(dhcpc_t, dhcpc_runtime_t, dhcpc_runtime_t) manage_files_pattern(dhcpc_t, dhcpc_runtime_t, dhcpc_runtime_t)
manage_sock_files_pattern(dhcpc_t, dhcpc_runtime_t, dhcpc_runtime_t)
create_dirs_pattern(dhcpc_t, dhcpc_runtime_t, dhcpc_runtime_t) create_dirs_pattern(dhcpc_t, dhcpc_runtime_t, dhcpc_runtime_t)
files_runtime_filetrans(dhcpc_t, dhcpc_runtime_t, { file dir }) files_runtime_filetrans(dhcpc_t, dhcpc_runtime_t, { file dir })