Russell Coker wrote:
Yes this is a reported bug. dhcpc_t was not in targeted policy, so the dhcpc maintainer added this callWhy do we have restorecon being called from /sbin/dhclient-script?
In the latest strict policy in rawhide dhcpc_t is not permitted to execute restorecon and a cursory glance at the targeted policy suggests that it can't execute it there either.
dhcpc_t can only create files of types dhcpc_var_run_t, net_conf_t,
dhcpc_tmp_t, and dhcpc_state_t. Of those the type net_conf_t is specified by
the domain_auto_trans() rule for files created under /etc. I can't work out
how dhclient could create a file with the wrong type to the call to
restorecon seems redundant.
which would work from unconfined_t. Rawhide/FC4 policy has the dhcpc policy, so the files will
get created with the correct context and the restorecon can be removed.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=153244
We don't want to use the policy domain_auto_trans(dhcpc_t, restorecon_exec_t, restorecon_t) because restorecon_t is a highly privileged domain that we want to limit access to (every domain that has such a transition should ideally have it's main programs audited).
We don't want to use the policy can_exec(dhcpc_t, restorecon_exec_t) as that will require allowing dhcpc_t to read the policy source which may be regarded as secret (and therefore something that we don't want to give to a program that is always running and has network access).
I think it would be best if dhclient-script did not call restorecon at all.
-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
