Created attachment 456168
AVCs for resolvconf

The policy covering dhcp clients is defined in system/sysnetwork.te and covers the case where the client runs resolvconf (net-dns/openresolv) from within its own domain (dhcpc_t). However, it appears that net-misc/dhcpcd runs resolvconf from the dhcpc_script_t domain, which is not anticipated in the policy and as a result it does not transition to an accepted domain:

type=AVC msg=audit(1480827246.554:34865): avc: denied { open } for pid=16908 comm="resolvconf" path="/proc/meminfo" dev="proc" ino=4026531989 scontext=system_u:system_r:resolvconf_t tcontext=system_u:object_r:proc_t tclass=file permissive=1

A list of the resolvconf AVCs generated is attached. Unfortunately, this does not include the AVCs from dhcpc direct, but hopefully it is enough.

The problem can be fixed by including the following in sysnetwork.te, which is already included for the dhcpc_t domain:

> optional_policy(`
> resolvconf_client_domain(dhcpc_script_t)
> ')

With this change, dhcpcd runs without raising any AVCs.
in master now.
-r4 is in ~arch
The 2.20170204-r2 release is now stable (which includes the 2.20161023-r4 changes).