[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: dhclient-script avc error f7

From: Tim Fenn <fenn stanford edu>
To: Tim Fenn <fenn stanford edu>
Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: dhclient-script avc error f7
Date: Wed, 3 Oct 2007 14:56:53 -0700

On Tue, 2 Oct 2007 11:07:09 -0700 Tim Fenn <fenn stanford edu> wrote:

> 
> I recently dove into policy writing, but will rewrite my policy based
> on the domain transfer suggestion and report back once I have
> something working.
> 

Here is the policy I cooked up:

<policy>
policy_module(mydhcp,1.0.0)

########################################
#
# Declarations
#
require {
        type dhcpc_t;
        type insmod_t;
        type iptables_t;
        class rawip_socket { read write };
}

iptables_domtrans(dhcpc_t)

#============= insmod_t ==============
allow insmod_t iptables_t:rawip_socket { read write };
</policy>

Not sure if it would be best to transfer iptables_t to modutils here?

-Tim

-- 
---------------------------------------------------------

        Tim Fenn
        fenn stanford edu
        Stanford University, School of Medicine
        James H. Clark Center
        318 Campus Drive, Room E300
        Stanford, CA  94305-5432
        Phone:  (650) 736-1714
        FAX:  (650) 736-1961

---------------------------------------------------------

Follow-Ups:
- Re: dhclient-script avc error f7
  - From: Daniel J Walsh

References:
- Re: dhclient-script avc error f7
  - From: Daniel J Walsh
- Re: dhclient-script avc error f7
  - From: Tim Fenn

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]