## ##

Policy for network configuration: ifconfig and dhcp client.

####################################### ## ## ## Execute dhcp client in dhcpc domain. ## ## ## The type of the process performing this action. ## ## # define(`sysnet_domtrans_dhcpc',` gen_require(` type dhcpc_t, dhcpc_exec_t; class process sigchld; class fd use; class fifo_file rw_file_perms; ') corecmd_search_sbin($1) domain_auto_trans($1, dhcpc_exec_t, dhcpc_t) allow $1 dhcpc_t:fd use; allow dhcpc_t $1:fd use; allow dhcpc_t $1:fifo_file rw_file_perms; allow dhcpc_t $1:process sigchld; ') ####################################### ## ## ## Execute ifconfig in the ifconfig domain. ## ## ## The type of the process performing this action. ## ## # define(`sysnet_domtrans_ifconfig',` gen_require(` type ifconfig_t, ifconfig_exec_t; class process sigchld; class fd use; class fifo_file rw_file_perms; ') corecmd_search_sbin($1) domain_auto_trans($1, ifconfig_exec_t, ifconfig_t) allow $1 ifconfig_t:fd use; allow ifconfig_t $1:fd use; allow ifconfig_t $1:fifo_file rw_file_perms; allow ifconfig_t $1:process sigchld; ') ######################################## ## ## ## Execute ifconfig in the ifconfig domain, and ## allow the specified role the ifconfig domain, ## and use the caller's terminal. ## ## ## The type of the process performing this action. ## ## ## The role to be allowed the ifconfig domain. ## ## ## The type of the terminal allow the ifconfig domain to use. ## ## # define(`sysnet_run_ifconfig',` gen_require(` type ifconfig_t; class chr_file rw_term_perms; ') corecmd_search_sbin($1) sysnet_domtrans_ifconfig($1) role $2 types ifconfig_t; allow ifconfig_t $3:chr_file rw_term_perms; ') ####################################### ## ## ## Allow network init to read network config files. ## ## ## The type of the process performing this action. ## ## # define(`sysnet_read_config',` gen_require(` type net_conf_t; class file r_file_perms; ') files_search_etc($1) allow $1 net_conf_t:file r_file_perms; ') ##