On Tue, 2 Oct 2007 11:07:09 -0700
Tim Fenn <fenn@xxxxxxxxxxxx> wrote:

>
> I recently dove into policy writing, but will rewrite my policy based
> on the domain transfer suggestion and report back once I have
> something working.
>

Here is the policy I cooked up:

<policy>
policy_module(mydhcp,1.0.0)

########################################
#
# Declarations
#

require {
	type dhcpc_t;
	type insmod_t;
	type iptables_t;
	class rawip_socket { read write };
}

iptables_domtrans(dhcpc_t)

#============= insmod_t ==============
allow insmod_t iptables_t:rawip_socket { read write };
</policy>

Not sure if it would be best to transfer iptables_t to modutils here?

-Tim

--
---------------------------------------------------------
Tim Fenn
fenn@xxxxxxxxxxxx
Stanford University, School of Medicine
James H. Clark Center
318 Campus Drive, Room E300
Stanford, CA 94305-5432
Phone: (650) 736-1714
FAX: (650) 736-1961
---------------------------------------------------------

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list