commit: 58fe42e834b0d4c37c7c3ed246fc30f85bf191e8 Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Mon Apr 13 15:36:13 2015 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Mon Apr 13 20:01:45 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=58fe42e8
dnsmasq: allow exec shell for scripts dnsmasq has the --dhcp-script= option to execute scripts when leases are given. dnsmasq needs to have shell access to run these. policy/modules/contrib/dnsmasq.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/contrib/dnsmasq.te b/policy/modules/contrib/dnsmasq.te index e2f8300..b3caf80 100644 --- a/policy/modules/contrib/dnsmasq.te +++ b/policy/modules/contrib/dnsmasq.te @@ -57,6 +57,8 @@ kernel_read_network_state(dnsmasq_t) kernel_read_system_state(dnsmasq_t) kernel_request_load_module(dnsmasq_t) +corecmd_exec_shell(dnsmasq_t) + corenet_all_recvfrom_unlabeled(dnsmasq_t) corenet_all_recvfrom_netlabel(dnsmasq_t) corenet_tcp_sendrecv_generic_if(dnsmasq_t)
