On Tue, 02 Oct 2007 09:05:13 -0400 Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tim Fenn wrote: > > I recently upgraded a machine from FC6 to F7, and I used to use a > > /etc/dhclient-exit-hooks script to call some iptables functions > > after bringing up my external interface. This used to work on FC6 > > as long as I setsebool -P dhcpc_disable_trans 1, but the policy in > > F7 no longer contains such a boolean, so dhclient-script is > > prevented from getattr/executing iptables. Is there a simple fix > > to this, or do I need to write a policy and compile it? If the > > latter, any pointers on what the policy file should contain? > > > > You have inspired me to blog. > > http://danwalsh.livejournal.com/13116.html Great horney toads, what have I done? ;) Thanks for the feedback Dan, its always appreciated (and thanks for pointing out the error in my previous ways). I recently dove into policy writing, but will rewrite my policy based on the domain transfer suggestion and report back once I have something working. Regards, -Tim -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
