Bug 37180

Summary:

net-misc/dhcp policy files

Product:

Gentoo Security

Reporter:

petre rodan (RETIRED) <kaiowas>

Component:

Vulnerabilities

Assignee:

Chris PeBenito (RETIRED) <pebenito>

Status:

RESOLVED TEST-REQUEST

Severity:

normal

Priority:

High

Version:

unspecified

Hardware:

All

OS:

All

Whiteboard:

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
file_contexts	none
type enforcement	none
file_contexts	none
type_enforcement	none

Description petre rodan (RETIRED) gentoo-dev

2004-01-04 04:50:46 UTC

dhcp server policy

Comment 1 petre rodan (RETIRED) gentoo-dev

2004-01-04 04:51:10 UTC

Created attachment 23131 [details]
file_contexts

Comment 2 petre rodan (RETIRED) gentoo-dev

2004-01-04 04:51:38 UTC

Created attachment 23132 [details]
type enforcement

Comment 3 petre rodan (RETIRED) gentoo-dev

2004-01-11 08:33:28 UTC

Created attachment 23600 [details]
file_contexts

/var/lib/dhcp is once again system_u:object_r:dhcp_state_t :(

Comment 4 petre rodan (RETIRED) gentoo-dev

2004-01-11 08:34:47 UTC

Created attachment 23601 [details]
type_enforcement

system_u:object_r:dhcp_state_t back in business.
chaos restored. ;)

Comment 5 Chris PeBenito (RETIRED) gentoo-dev

2004-01-15 13:01:00 UTC

I changed etc_dhcp_t to dhcp_etc_t.  committed to policy cvs

Comment 6 Chris PeBenito (RETIRED) gentoo-dev

2004-01-16 19:48:13 UTC

committed to portage

Comment 7 petre rodan (RETIRED) gentoo-dev

2004-01-18 10:57:49 UTC

hmm, no good

# make reload
mkdir -p tmp
( cd domains/program/ ; for n in *.te ; do echo "define(\`$n')"; done ) > tmp/program_used_flags.te
( cd domains/misc/ ; for n in *.te ; do echo "define(\`$n')"; done ) >> tmp/program_used_flags.te
cat domains/*.te domains/misc/*.te domains/program/*.te > tmp/all_domains.te
cat attrib.te tmp/program_used_flags.te tmp/all_macros.te tmp/all_types.te tmp/all_domains.te assert.te > tmp/all.te
m4 -Imacros -s tmp/all.te rbac > tmp/te-rbac.m4
m4 -Imacros -s tmp/program_used_flags.te tmp/all_macros.te constraints initial_sid_contexts fs_use genfs_contexts net_contexts > tmp/constraints-contexts.m4
mkdir -p tmp
cat flask/security_classes flask/initial_sids flask/access_vectors tmp/te-rbac.m4 users tmp/constraints-contexts.m4 > policy.conf
mkdir -p /etc/security/selinux/src
install -m 644 -o root -g root policy.conf /etc/security/selinux/src/policy.conf
mkdir -p /etc/security/selinux
/usr/bin/checkpolicy -o /etc/security/selinux/policy.15 /etc/security/selinux/src/policy.conf
/usr/bin/checkpolicy:  loading policy configuration from /etc/security/selinux/src/policy.conf
ERROR 'name conflict for type alias dhcpc_etc_t' at token ';' on line 30451:

type dhcp_etc_t alias { dhcpc_etc_t dhcpd_etc_t }, file_type, sysadmfile;
/usr/bin/checkpolicy:  error(s) encountered while parsing configuration
make: *** [/etc/security/selinux/policy.15] Error 1
-------------

dhcpc_etc_t is being defined in the basepolicy (dhcpc.te)

so I would remove dhcpc_etc_t from the alias and insert etc_dhcpd_t for compatibility (as Stephen suggested on the selinux list). 
or at least remove the dhcpc part ...

-type dhcp_etc_t alias { dhcpc_etc_t dhcpd_etc_t }, file_type, sysadmfile;
+type dhcp_etc_t alias { etc_dhcpd_t dhcpd_etc_t }, file_type, sysadmfile;

bye,
peter