sysnetwork: fixes for dhcpcd

Allow dhcpcd to create a netlink_kobject_uevent_socket and to read files under /run/udev/.

Fixes:
avc: denied { search } for pid=393 comm="dhcpcd" name="udev" dev="tmpfs"
ino=49 scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:object_r:udev_runtime_t:s0 tclass=dir permissive=1

avc: denied { create } for pid=393 comm="dhcpcd"
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tclass=netlink_kobject_uevent_socket permissive=1

avc: denied { getopt } for pid=393 comm="dhcpcd"
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tclass=netlink_kobject_uevent_socket permissive=1

avc: denied { setopt } for pid=393 comm="dhcpcd"
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tclass=netlink_kobject_uevent_socket permissive=1

avc: denied { bind } for  pid=393 comm="dhcpcd"
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tclass=netlink_kobject_uevent_socket permissive=1

avc: denied { getattr } for pid=393 comm="dhcpcd"
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tclass=netlink_kobject_uevent_socket permissive=1

avc: denied { read } for  pid=393 comm="dhcpcd" name="n1" dev="tmpfs"
ino=222 scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:object_r:udev_runtime_t:s0 tclass=file permissive=1

avc: denied { open } for pid=393 comm="dhcpcd" path="/run/udev/data/n1"
dev="tmpfs" ino=222 scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:object_r:udev_runtime_t:s0 tclass=file permissive=1

avc: denied { getattr } for pid=393 comm="dhcpcd"
path="/run/udev/data/n1" dev="tmpfs" ino=222
scontext=system_u:system_r:dhcpc_t:s0-s15:c0.c1023
tcontext=system_u:object_r:udev_runtime_t:s0 tclass=file permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Yi Zhao 2024-05-28 13:17:42 +08:00
parent af26e63697
commit bf34d3e5e8
1 changed files with 5 additions and 0 deletions


@ -73,6 +73,7 @@ allow dhcpc_t self:tcp_socket create_stream_socket_perms;
allow dhcpc_t self:udp_socket create_socket_perms; allow dhcpc_t self:udp_socket create_socket_perms;
allow dhcpc_t self:packet_socket create_socket_perms; allow dhcpc_t self:packet_socket create_socket_perms;
allow dhcpc_t self:netlink_generic_socket create_socket_perms; allow dhcpc_t self:netlink_generic_socket create_socket_perms;
allow dhcpc_t self:netlink_kobject_uevent_socket create_socket_perms;
allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms; allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
allow dhcpc_t self:rawip_socket create_socket_perms; allow dhcpc_t self:rawip_socket create_socket_perms;
allow dhcpc_t self:unix_dgram_socket { create_socket_perms sendto }; allow dhcpc_t self:unix_dgram_socket { create_socket_perms sendto };
@ -266,6 +267,10 @@ optional_policy(`
seutil_dontaudit_search_config(dhcpc_t) seutil_dontaudit_search_config(dhcpc_t)
') ')
optional_policy(`
udev_read_runtime_files(dhcpc_t)
')
optional_policy(` optional_policy(`
userdom_use_all_users_fds(dhcpc_t) userdom_use_all_users_fds(dhcpc_t)
') ')
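Review bot: The added `allow dhcpc_t self:netlink_kobject_uevent_socket create_socket_perms;` in the first hunk grants more than the quoted denials ask for. The AVC records show only create, getopt, setopt, bind and getattr, while `create_socket_perms` also includes write, connect, ioctl and shutdown. A uevent listener will additionally need read, which presumably was not logged because the capture ran with permissive=1 before any event arrived. If the project is willing to depart from the macro convention of the neighbouring rules, `{ create bind getattr getopt setopt read }` would be the tighter grant. The socket rule is also unconditional while the matching `udev_read_runtime_files(dhcpc_t)` in the second hunk sits inside `optional_policy`; a comment such as `# dhcpcd listens for uevents and reads the udev database under /run/udev` above both additions would record why dhcpc_t holds this access.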