Date: Thu, 26 Dec 2002 05:47:15 -0800 (PST) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 22756 for review Message-ID: <200212261347.gBQDlFak042693@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=22756 Change 22756 by cvance@cvance_laptop on 2002/12/26 05:47:01 Modify policy to correctly label /dev/bpf entries, and allow dhclient to read/write to them. Affected files ... .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/dhcpc.te#2 edit .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/dhcpc.fc#3 edit .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/genfs_contexts#3 edit .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/types/device.te#2 edit Differences ...
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/dhcpc.te#2 (text+ko) ====
@@ -59,3 +59,6 @@
 file_type_auto_trans(dhcpc_t, dhcp_state_t, dhcpc_state_t)
 can_exec(dhcpc_t, { bin_t shell_exec_t })
+
+# Allow dhclient to use /dev/bpf*
+allow dhcpc_t bpf_device_t:chr_file rw_file_perms;
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/dhcpc.fc#3 (text+ko) ====
@@ -1,8 +1,6 @@
 # dhcpcd
 /etc/dhcpc.*(/.*)? system_u:object_r:etc_dhcpc_t
 /etc/dhclient.conf system_u:object_r:etc_dhcpc_t
-/etc/dhclient-script system_u:object_r:etc_dhcpc_t
-/sbin/dhcpcd system_u:object_r:dhcpc_exec_t
+/stand/dhclient.* system_u:object_r:etc_dhcpc_t
 /sbin/dhclient.* system_u:object_r:dhcpc_exec_t
-/var/lib/dhcp system_u:object_r:dhcp_state_t
-/var/lib/dhcp/dhclient.* system_u:object_r:dhcpc_state_t
+/var/db/dhclient.leases system_u:object_r:dhcpc_state_t
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/genfs_contexts#3 (text+ko) ====
@@ -58,4 +58,5 @@
 genfscon devfs /acpi system_u:object_r:apm_bios_t
 genfscon devfs /sound -c system_u:object_r:sound_device_t
 genfscon devfs /usb system_u:object_r:usbdevfs_device_t
+genfscon devfs /bpf -c system_u:object_r:bpf_device_t
 # FLASK
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/types/device.te#2 (text+ko) ====
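Review bot: The new `allow dhcpc_t bpf_device_t:chr_file rw_file_perms;` in dhcpc.te is documented only as "use /dev/bpf*", which understates the grant. Read/write on a bpf node amounts to raw capture and frame injection on whichever interface the descriptor is bound to, and the type covers every /dev/bpf* node. The context line `can_exec(dhcpc_t, { bin_t shell_exec_t })` appears to run the shell and bin_t programs without leaving dhcpc_t, so anything dhclient-script starts would presumably hold the same access. I would expand the comment to record this, for example `# bpf = raw capture/injection on any interface; needed for DHCP, review before granting to other domains`. The rest of dhcpc.te is outside the hunk, so a narrowing rule elsewhere cannot be ruled out.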
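Review bot: Removing `/var/lib/dhcp system_u:object_r:dhcp_state_t` from dhcpc.fc leaves no path in this file labelled `dhcp_state_t`, so the `file_type_auto_trans(dhcpc_t, dhcp_state_t, dhcpc_state_t)` rule shown in the dhcpc.te hunk may no longer have a directory to act on, unless another file_contexts file outside this change supplies one. The new `/var/db/dhclient.leases` entry then protects the lease file only while the existing file is relabelled in place. If dhclient ever recreates it, the new file would presumably inherit the label of /var/db. I would either add an auto-transition keyed on the type of /var/db or state the limitation in a comment above the entry. The dot in the new pattern is also an unescaped regex wildcard; `/var/db/dhclient\.leases system_u:object_r:dhcpc_state_t` matches only the intended file.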
@@ -104,3 +104,7 @@
 # Type for /dev/cpu/mtrr
 type mtrr_device_t, file_type;
+
+# Type for /dev/bpf*
+type bpf_device_t, file_type;
+
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
