From owner-p4-projects Thu Dec 26 5:47:19 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E9F1C37B405; Thu, 26 Dec 2002 05:47:16 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 829A637B401 for ; Thu, 26 Dec 2002 05:47:16 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 34CBE43EEC for ; Thu, 26 Dec 2002 05:47:16 -0800 (PST) (envelope-from cvance@tislabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id gBQDlGfh042696 for ; Thu, 26 Dec 2002 05:47:16 -0800 (PST) (envelope-from cvance@tislabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id gBQDlFak042693 for perforce@freebsd.org; Thu, 26 Dec 2002 05:47:15 -0800 (PST) Date: Thu, 26 Dec 2002 05:47:15 -0800 (PST) Message-Id: <200212261347.gBQDlFak042693@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to cvance@tislabs.com using -f From: Chris Vance Subject: PERFORCE change 22756 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=22756 Change 22756 by cvance@cvance_laptop on 2002/12/26 05:47:01 Modify policy to correctly label /dev/bpf entries, and allow dhclient to read/write to them. Affected files ... .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/dhcpc.te#2 edit .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/dhcpc.fc#3 edit .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/genfs_contexts#3 edit .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/types/device.te#2 edit Differences ... ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/dhcpc.te#2 (text+ko) ==== @@ -59,3 +59,6 @@ file_type_auto_trans(dhcpc_t, dhcp_state_t, dhcpc_state_t) can_exec(dhcpc_t, { bin_t shell_exec_t }) + +# Allow dhclient to use /dev/bpf* +allow dhcpc_t bpf_device_t:chr_file rw_file_perms; ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/dhcpc.fc#3 (text+ko) ==== @@ -1,8 +1,6 @@ # dhcpcd /etc/dhcpc.*(/.*)? system_u:object_r:etc_dhcpc_t /etc/dhclient.conf system_u:object_r:etc_dhcpc_t -/etc/dhclient-script system_u:object_r:etc_dhcpc_t -/sbin/dhcpcd system_u:object_r:dhcpc_exec_t +/stand/dhclient.* system_u:object_r:etc_dhcpc_t /sbin/dhclient.* system_u:object_r:dhcpc_exec_t -/var/lib/dhcp system_u:object_r:dhcp_state_t -/var/lib/dhcp/dhclient.* system_u:object_r:dhcpc_state_t +/var/db/dhclient.leases system_u:object_r:dhcpc_state_t ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/genfs_contexts#3 (text+ko) ==== @@ -58,4 +58,5 @@ genfscon devfs /acpi system_u:object_r:apm_bios_t genfscon devfs /sound -c system_u:object_r:sound_device_t genfscon devfs /usb system_u:object_r:usbdevfs_device_t +genfscon devfs /bpf -c system_u:object_r:bpf_device_t # FLASK ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/types/device.te#2 (text+ko) ==== @@ -104,3 +104,7 @@ # Type for /dev/cpu/mtrr type mtrr_device_t, file_type; + +# Type for /dev/bpf* +type bpf_device_t, file_type; + To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message