sysnetwork: fixes for dhcpcd
Allow dhcpcd to create netlink socket and read files under /run/udev/. Fixes: avc: denied { search } for pid=393 comm="dhcpcd" name="udev" dev="tmpfs" ino=49 scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:udev_runtime_t:s0 tclass=dir permissive=1 avc: denied { create } for pid=393 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tclass=netlink_kobject_uevent_socket permissive=1 avc: denied { getopt } for pid=393 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tclass=netlink_kobject_uevent_socket permissive=1 avc: denied { setopt } for pid=393 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tclass=netlink_kobject_uevent_socket permissive=1 avc: denied { bind } for pid=393 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tclass=netlink_kobject_uevent_socket permissive=1 avc: denied { getattr } for pid=393 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tclass=netlink_kobject_uevent_socket permissive=1 avc: denied { read } for pid=393 comm="dhcpcd" name="n1" dev="tmpfs" ino=222 scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:udev_runtime_t:s0 tclass=file permissive=1 avc: denied { open } for pid=393 comm="dhcpcd" path="/run/udev/data/n1" dev="tmpfs" ino=222 scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:udev_runtime_t:s0 tclass=file permissive=1 avc: denied { getattr } for pid=393 comm="dhcpcd" path="/run/udev/data/n1" dev="tmpfs" ino=222 scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:udev_runtime_t:s0 tclass=file permissive=1 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This commit is contained in:
parent
af26e63697
commit
bf34d3e5e8
|
@ -73,6 +73,7 @@ allow dhcpc_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow dhcpc_t self:udp_socket create_socket_perms;
|
allow dhcpc_t self:udp_socket create_socket_perms;
|
||||||
allow dhcpc_t self:packet_socket create_socket_perms;
|
allow dhcpc_t self:packet_socket create_socket_perms;
|
||||||
allow dhcpc_t self:netlink_generic_socket create_socket_perms;
|
allow dhcpc_t self:netlink_generic_socket create_socket_perms;
|
||||||
|
allow dhcpc_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||||
allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
|
allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
|
||||||
allow dhcpc_t self:rawip_socket create_socket_perms;
|
allow dhcpc_t self:rawip_socket create_socket_perms;
|
||||||
allow dhcpc_t self:unix_dgram_socket { create_socket_perms sendto };
|
allow dhcpc_t self:unix_dgram_socket { create_socket_perms sendto };
|
||||||
|
@ -266,6 +267,10 @@ optional_policy(`
|
||||||
seutil_dontaudit_search_config(dhcpc_t)
|
seutil_dontaudit_search_config(dhcpc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
udev_read_runtime_files(dhcpc_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
userdom_use_all_users_fds(dhcpc_t)
|
userdom_use_all_users_fds(dhcpc_t)
|
||||||
')
|
')
|
||||||
|
|
Loading…
Reference in New Issue