Why do we have restorecon being called from /sbin/dhclient-script? In the latest strict policy in rawhide dhcpc_t is not permitted to execute restorecon and a cursory glance at the targeted policy suggests that it can't execute it there either. dhcpc_t can only create files of types dhcpc_var_run_t, net_conf_t, dhcpc_tmp_t, and dhcpc_state_t. Of those the type net_conf_t is specified by the domain_auto_trans() rule for files created under /etc. I can't work out how dhclient could create a file with the wrong type to the call to restorecon seems redundant. We don't want to use the policy domain_auto_trans(dhcpc_t, restorecon_exec_t, restorecon_t) because restorecon_t is a highly privileged domain that we want to limit access to (every domain that has such a transition should ideally have it's main programs audited). We don't want to use the policy can_exec(dhcpc_t, restorecon_exec_t) as that will require allowing dhcpc_t to read the policy source which may be regarded as secret (and therefore something that we don't want to give to a program that is always running and has network access). I think it would be best if dhclient-script did not call restorecon at all. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
