[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SElinux and firestarter

From: Daniel J Walsh <dwalsh redhat com>
To: Jonathan Underwood <jonathan underwood gmail com>
Cc: fedora-selinux-list redhat com
Subject: Re: SElinux and firestarter
Date: Wed, 01 Feb 2006 08:58:27 -0500

Jonathan Underwood wrote:

On 31/01/06, Daniel J Walsh <dwalsh redhat com> wrote:

Looks like the problem here is hooking the dhclient program.  This
causes the firestarter script to run in dhclient mode,  and dhclient is
not allowed to do modutil and iptables.


So what would be the correct approach to remedying this? Change to
SElinux policy for dhclient? Request that firestarter change to not

run in dhclient mode?

That would be my preference.

Presumably the latter would require a new policy
to be written for firestarter?

You could write a new policy for firestarter which dhclient couldtransition to. Giving these privs to dhclient would be very

dangerous.

TIA,
Jonathan

--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

References:
- Re: SElinux and firestarter
  - From: Jonathan Underwood

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]