corecommands: label dhcpcd hook scripts bin_t

dhcpcd executes scripts in /usr/lib/dhcpcd/:

    avc:  denied  { execute_no_trans } for  pid=608 comm="dhcpcd"
    path="/usr/lib/dhcpcd/dhcpcd-run-hooks" dev="vda1" ino=406981
    scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:lib_t
    tclass=file permissive=1
Nicolas Iooss 2017-08-12 11:51:01 +02:00 committed by Chris PeBenito
parent 52109514d5
commit 28ad98572b


@ -165,6 +165,8 @@ ifdef(`distro_gentoo',`
/usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dhcpcd/dhcpcd-hooks(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dovecot/.+ gen_context(system_u:object_r:bin_t,s0) /usr/lib/dovecot/.+ gen_context(system_u:object_r:bin_t,s0)
/usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
@ -338,8 +340,6 @@ ifdef(`distro_gentoo', `
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/.*-.*-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/.*-.*-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0)
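Review bot: The `/usr/lib/dhcpcd/dhcpcd-hooks(/.*)?` entry added at new line 168 has no file-type specifier, so it labels the directory and everything beneath it bin_t, while the only denial quoted in the commit message is execute_no_trans on dhcpcd-run-hooks. Because dhcpc_t runs these files without a domain transition, the commit message should say why the hooks directory also needs the label, for example by quoting the matching AVC. Separately, the first hunk's header names the distro_gentoo ifdef as its context. It is worth confirming that block is closed before line 165, because otherwise the dhcpcd-run-hooks entry removed from the Gentoo block in the second hunk would still apply only on Gentoo. A short comment above the two new lines, such as `# dhcpcd executes its hook scripts in the dhcpc_t domain`, would record the reason for the label next to the entries.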