commit: 3c9fbd8f4568196a2e2685b5c66fddf7a68e5fb7 Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org> AuthorDate: Sat Oct 18 13:30:20 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Fri Oct 31 15:26:27 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3c9fbd8f
Label /sbin/iw as ifconfig_exec_t iw manpage says "iw - show / manipulate wireless devices and their configuration". Label this command ifconfig_exec_t to allow it to manage wireless communication devices. Debian installs iw in /sbin/iw, Fedora in /usr/sbin/iw and Arch Linux in /usr/bin/iw (with /usr/sbin being a symlink to /usr/bin). --- policy/modules/system/sysnetwork.fc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc index fa7a406..fbb935c 100644 --- a/policy/modules/system/sysnetwork.fc +++ b/policy/modules/system/sysnetwork.fc @@ -48,6 +48,7 @@ ifdef(`distro_redhat',` /sbin/ipx_configure -- gen_context(system_u:object_r:ifconfig_exec_t,s0) /sbin/ipx_interface -- gen_context(system_u:object_r:ifconfig_exec_t,s0) /sbin/ipx_internal_net -- gen_context(system_u:object_r:ifconfig_exec_t,s0) +/sbin/iw -- gen_context(system_u:object_r:ifconfig_exec_t,s0) /sbin/iwconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0) /sbin/mii-tool -- gen_context(system_u:object_r:ifconfig_exec_t,s0) /sbin/pump -- gen_context(system_u:object_r:dhcpc_exec_t,s0) @@ -56,6 +57,7 @@ ifdef(`distro_redhat',` # # /usr # +/usr/sbin/iw -- gen_context(system_u:object_r:ifconfig_exec_t,s0) /usr/sbin/tc -- gen_context(system_u:object_r:ifconfig_exec_t,s0) #
