Jonathan Underwood wrote:
On 31/01/06, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
Looks like the problem here is hooking the dhclient program. This
causes the firestarter script to run in dhclient mode, and dhclient is
not allowed to do modutil and iptables.
So what would be the correct approach to remedying this? Change to
SElinux policy for dhclient? Request that firestarter change to not
run in dhclient mode?
That would be my preference.
Presumably the latter would require a new policy
to be written for firestarter?
You could write a new policy for firestarter which dhclient could
transition to. Giving these privs to dhclient would be very
dangerous.
TIA,
Jonathan
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
