From 28ad98572b242745f2d607c0a7eef1f0ef329cd3 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss
Date: Sat, 12 Aug 2017 11:51:01 +0200
Subject: [PATCH] corecommands: label dhcpcd hook scripts bin_t

dhcpcd executes scripts in /usr/lib/dhcpcd/:
avc: denied { execute_no_trans } for pid=608 comm="dhcpcd" path="/usr/lib/dhcpcd/dhcpcd-run-hooks" dev="vda1" ino=406981 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:lib_t tclass=file permissive=1
---
 policy/modules/kernel/corecommands.fc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index d30445437..ce4218fed 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -165,6 +165,8 @@ ifdef(`distro_gentoo',`
 /usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/dhcpcd/dhcpcd-hooks(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/dovecot/.+ gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
@@ -338,8 +340,6 @@ ifdef(`distro_gentoo', `
 /usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/.*-.*-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 
-/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
-
 /usr/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0)
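Review bot: The new `/usr/lib/dhcpcd/dhcpcd-hooks(/.*)?` entry in the first hunk has no file-type specifier, so the directory and everything under it becomes bin_t, yet the denial quoted in the commit message only covers `dhcpcd-run-hooks`. If the hook files are merely read by that script (an assumption, not visible in this patch), an executable label on the whole tree is broader than the logged denial justifies, and the description should say why it is needed. A short comment above the two entries would record the intent, for example `# dhcpcd runs its hook scripts in dhcpc_t without a domain transition (execute_no_trans)`. The quoted AVC was captured with permissive=1, so the change is worth re-testing in enforcing mode after relabelling /usr/lib/dhcpcd, since existing files keep lib_t until then.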