On 9 Dec 2016 16:29, "Robert Sharp" <seli...@sharp.homelinux.org> wrote:
Just updated all my SELinux policies to 20161023-r1 as they are now stable,
which undid one little fix, so I thought I would mention it.
Sysnetwork.te does not cover the possibility that dhcpcd may run resolvconf
from the dhcpc_script_t domain, which it seems is how my dhcpcd works. This
is fixed by adding:
optional_policy(`
resolvconf_client_domain(dhcpc_script_t)
')
to the dhcpc_script policy (end of the file). It seems like a reasonable
addition, given the same policy applies to the dhcpc_t domain.
Not sure if this sort of proposal should be filed as a bug or just raised
here?
Robert Sharp
Can you file a bug on bugs.gentoo.org and say this and also list the AVCs
you get from audit.log?
I have already prepared the -r2 release just haven't pushed it to the repo
yet so I probably won't add to that cuz I don't want to do it last min. The
-r2 policies will be out as soon as I figure out why the 4.8 kernel isn't
booting for me.
Thanks!
Jason
