the idea is to have /var/lib/dhcp in var_lib_t and both dhcpc_t and dhcpd_t in var_lib_domain(). this aproach very simplifies very much the policy given the fact that /var/lib/dhcp is used by both server and client.
Created attachment 23133 [details] file contexts
Created attachment 23134 [details] type enforcement
the /var/lib/dhcp modifications were needed by #37180. since I don't use a dhcp client, can someone please test this policy if it breaks something? ;)
I don't understand the point of this. It seems unlikely that the client and server would be running on the same machine. Even if they are, var_lib_t is inappropriate. You should use a ifdef or ifelse trick to declare the type for the directory. For example, the client policy file should always declare the type for the directory, and then the server policy file should only declare the type for the directory, only if the client policy isn't being used.
since you don't like it ... changing dhcpd.te (#37180) to reflect the new situation
