SElinux and firestarter
Daniel J Walsh
dwalsh at redhat.com
Wed Feb 1 13:58:27 UTC 2006
Jonathan Underwood wrote:
> On 31/01/06, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
>> Looks like the problem here is hooking the dhclient program. This
>> causes the firestarter script to run in dhclient mode, and dhclient is
>> not allowed to do modutil and iptables.
>>
>
> So what would be the correct approach to remedying this? Change to
> SElinux policy for dhclient? Request that firestarter change to not
> run in dhclient mode?
That would be my preference.
> Presumably the latter would require a new policy
> to be written for firestarter?
>
You could write a new policy for firestarter which dhclient could
transition to. Giving these privs to dhclient would be very
dangerous.
> TIA,
> Jonathan
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
More information about the fedora-selinux-list
mailing list