37180 – net-misc/dhcp policy files

Bug 37180 - net-misc/dhcp policy files

Summary: net-misc/dhcp policy files

Status:	RESOLVED TEST-REQUEST

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Chris PeBenito (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-01-04 04:50 UTC by petre rodan (RETIRED)
Modified:	2011-10-30 22:39 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
file_contexts (dhcpd.fc,1.09 KB, text/plain) 2004-01-04 04:51 UTC, petre rodan (RETIRED)	no flags	Details
type enforcement (dhcpd.te,2.25 KB, text/plain) 2004-01-04 04:51 UTC, petre rodan (RETIRED)	no flags	Details
file_contexts (dhcpd.fc,1.14 KB, text/plain) 2004-01-11 08:33 UTC, petre rodan (RETIRED)	no flags	Details
type_enforcement (dhcpd.te,2.43 KB, text/plain) 2004-01-11 08:34 UTC, petre rodan (RETIRED)	no flags	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description petre rodan (RETIRED) gentoo-dev

2004-01-04 04:50:46 UTC

dhcp server policy

Comment 1 petre rodan (RETIRED) gentoo-dev

2004-01-04 04:51:10 UTC

Created attachment 23131 [details]
file_contexts

Comment 2 petre rodan (RETIRED) gentoo-dev

2004-01-04 04:51:38 UTC

Created attachment 23132 [details]
type enforcement

Comment 3 petre rodan (RETIRED) gentoo-dev

2004-01-11 08:33:28 UTC

Created attachment 23600 [details]
file_contexts

/var/lib/dhcp is once again system_u:object_r:dhcp_state_t :(

Comment 4 petre rodan (RETIRED) gentoo-dev

2004-01-11 08:34:47 UTC

Created attachment 23601 [details]
type_enforcement

system_u:object_r:dhcp_state_t back in business.
chaos restored. ;)

Comment 5 Chris PeBenito (RETIRED) gentoo-dev

2004-01-15 13:01:00 UTC

I changed etc_dhcp_t to dhcp_etc_t.  committed to policy cvs

Comment 6 Chris PeBenito (RETIRED) gentoo-dev

2004-01-16 19:48:13 UTC

committed to portage

Comment 7 petre rodan (RETIRED) gentoo-dev

2004-01-18 10:57:49 UTC

hmm, no good

# make reload
mkdir -p tmp
( cd domains/program/ ; for n in *.te ; do echo "define(\`$n')"; done ) > tmp/program_used_flags.te
( cd domains/misc/ ; for n in *.te ; do echo "define(\`$n')"; done ) >> tmp/program_used_flags.te
cat domains/*.te domains/misc/*.te domains/program/*.te > tmp/all_domains.te
cat attrib.te tmp/program_used_flags.te tmp/all_macros.te tmp/all_types.te tmp/all_domains.te assert.te > tmp/all.te
m4 -Imacros -s tmp/all.te rbac > tmp/te-rbac.m4
m4 -Imacros -s tmp/program_used_flags.te tmp/all_macros.te constraints initial_sid_contexts fs_use genfs_contexts net_contexts > tmp/constraints-contexts.m4
mkdir -p tmp
cat flask/security_classes flask/initial_sids flask/access_vectors tmp/te-rbac.m4 users tmp/constraints-contexts.m4 > policy.conf
mkdir -p /etc/security/selinux/src
install -m 644 -o root -g root policy.conf /etc/security/selinux/src/policy.conf
mkdir -p /etc/security/selinux
/usr/bin/checkpolicy -o /etc/security/selinux/policy.15 /etc/security/selinux/src/policy.conf
/usr/bin/checkpolicy:  loading policy configuration from /etc/security/selinux/src/policy.conf
ERROR 'name conflict for type alias dhcpc_etc_t' at token ';' on line 30451:

type dhcp_etc_t alias { dhcpc_etc_t dhcpd_etc_t }, file_type, sysadmfile;
/usr/bin/checkpolicy:  error(s) encountered while parsing configuration
make: *** [/etc/security/selinux/policy.15] Error 1
-------------

dhcpc_etc_t is being defined in the basepolicy (dhcpc.te)

so I would remove dhcpc_etc_t from the alias and insert etc_dhcpd_t for compatibility (as Stephen suggested on the selinux list). 
or at least remove the dhcpc part ...

-type dhcp_etc_t alias { dhcpc_etc_t dhcpd_etc_t }, file_type, sysadmfile;
+type dhcp_etc_t alias { etc_dhcpd_t dhcpd_etc_t }, file_type, sysadmfile;

bye,
peter