On 18/07/08 15:32, Christopher J. PeBenito wrote:
> On Wed, 2008-06-25 at 17:51 +0100, Martin Orr wrote:
>> Without this patch, I see no output from dhclient when it is run during boot.
>> There is no avc message because it is dontaudited in init_daemon_domain.
>>
>> Index: policy/modules/system/sysnetwork.te
>> ===================================================================
>> --- policy/modules/system/sysnetwork.te.orig
>> +++ policy/modules/system/sysnetwork.te
>> @@ -126,6 +126,7 @@
>> files_dontaudit_search_locks(dhcpc_t)
>>
>> init_rw_utmp(dhcpc_t)
>> +init_use_fds(dhcpc_t)
>>
>> logging_send_syslog_msg(dhcpc_t)
>
> I would think that allowing it to write to the console would be required
> to make this work too. If that's the case I'm not sure we want it; I
> don't think we want daemons writing to the console.

That puzzled me too, and I tracked it down to logging_send_syslog_msg:

	# cjp: this should most likely be removed:
	term_use_console($1)

I want messages from dhcp specifically to appear on the console, because it
takes a long time and can fail e.g. if I knocked the network cable loose, but I
suppose that's not enough reason to put it in refpolicy, and I can keep it in my
local policy quite happily.

-- 
Martin Orr
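
Review bot: The added init_use_fds(dhcpc_t) line after init_rw_utmp(dhcpc_t) carries no comment, and its purpose cannot be recovered from logs, because the denial it addresses is dontaudited in init_daemon_domain and so never produces an AVC message. A one-line comment above it, stating that it lets dhclient use the file descriptors inherited from init so that its boot-time output is visible, would record the reason. The comment should also say that the output reaches the console only because logging_send_syslog_msg currently calls term_use_console($1), which is marked "this should most likely be removed"; if that call goes away, this line alone no longer has the described effect.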