On 9 Dec 2016 16:29, "Robert Sharp" <seli...@sharp.homelinux.org> wrote:
Just updated all my SELinux policies to 20161023-r1 as they are now stable, which undid one little fix, so I thought I would mention it. Sysnetwork.te does not cover the possibility that dhcpcd may run resolvconf from the dhcpc_script_t domain, which it seems is how my dhcpcd works. This is fixed by adding: optional_policy(` resolvconf_client_domain(dhcpc_script_t) ') to the dhcpc_script policy (end of the file). It seems like a reasonable addition, given the same policy applies to the dhcpc_t domain. Not sure if this sort of proposal should be filed as a bug or just raised here? Robert Sharp Can you file a bug on bugs.gentoo.org and say this and also list the AVCs you get from audit.log? I have already prepared the -r2 release just haven't pushed it to the repo yet so I probably won't add to that cuz I don't want to do it last min. The -r2 policies will be out as soon as I figure out why the 4.8 kernel isn't booting for me. Thanks! Jason