From b1599e01fe3f3e7a1c2048d1c466e3e842952924 Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Fri, 27 Sep 2013 11:35:41 +0200
Subject: [PATCH] sysnetwork: dhcpc binds socket to random high udp ports sysnetwork: do not audit attempts by ifconfig to read, and write dhcpc udp sockets (looks like a leaked fd)
Upstream-Status: backport
Signed-off-by: Dominick Grift
---
 policy/modules/system/sysnetwork.te | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index f9dce11..67709b5 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -111,7 +111,9 @@ corenet_tcp_bind_dhcpc_port(dhcpc_t)
 corenet_udp_bind_dhcpc_port(dhcpc_t)
 corenet_tcp_connect_all_ports(dhcpc_t)
 corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
-corenet_sendrecv_dhcpc_server_packets(dhcpc_t)
+
+corenet_sendrecv_all_server_packets(dhcpc_t)
+corenet_udp_bind_all_unreserved_ports(dhcpc_t)
 dev_read_sysfs(dhcpc_t)
 # for SSP:
@@ -313,6 +315,8 @@ modutils_domtrans_insmod(ifconfig_t)
 seutil_use_runinit_fds(ifconfig_t)
+sysnet_dontaudit_rw_dhcpc_udp_sockets(ifconfig_t)
+
 userdom_use_user_terminals(ifconfig_t)
 userdom_use_all_users_fds(ifconfig_t)
--
1.7.10.4
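Review bot: The two added `corenet_` lines in the dhcpc_t hunk widen the domain from the DHCP client port to every unreserved UDP port and every server packet type, and nothing in the policy file records why; the reason exists only in the commit subject. `dhcpc_t` handles untrusted network input, so I would put a comment above them such as `# dhclient binds an extra socket to a random high udp port`, so that a later least-privilege audit does not read the rule as accidental over-permission. The removed `corenet_sendrecv_dhcpc_server_packets(dhcpc_t)` is presumably covered by the `all_server_packets` variant, but that interface's definition is not part of this patch, so it is worth confirming. The dhcpc_t rule run starts and ends outside the hunk.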
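Review bot: `sysnet_dontaudit_rw_dhcpc_udp_sockets(ifconfig_t)` in the ifconfig_t hunk silences a denial without saying why, and the commit message itself only guesses at the cause (it says the access looks like a leaked fd). A short comment would keep that context next to the rule, for example `# dhcpc udp socket inherited by ifconfig, apparently a leaked fd`. The access stays denied, but the AVC record that points at the descriptor leak is no longer logged, so anyone investigating later has to rebuild with dontaudit rules disabled (`semodule -DB`) to see it. The ifconfig_t rule block continues outside the hunk.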