udev: This is specific to debian i think. Some how the /usr/lib/avahi/avahi-daemon-check-dns\.sh ends up in the udev_t domain

The script basically does what the name suggests, and additionally it need to be able to stop and start avahi-daemon via its init script Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-24 15:40:29 +02:00 · 2013-09-24 15:40:29 +02:00 · 5db6014548
parent 50e5772ead
commit 5db6014548
1 changed files with 10 additions and 0 deletions
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@ -172,6 +172,16 @@ sysnet_etc_filetrans_config(udev_t)

 userdom_dontaudit_search_user_home_content(udev_t)

+ifdef(`distro_debian',`
+	optional_policy(`
+		kernel_read_vm_sysctls(udev_t)
+		corenet_udp_bind_generic_node(udev_t)
+		miscfiles_read_generic_certs(udev_t)
+		avahi_initrc_domtrans(udev_t)
+		avahi_manage_pid_files(udev_t)
+	')
+')
+
 ifdef(`distro_gentoo',`
 	# during boot, init scripts use /dev/.rcsysinit
 	# existance to determine if we are in early booting