diff --git a/policy/modules/services/dnsmasq.if b/policy/modules/services/dnsmasq.if
index 016d191..28c0734 100644
--- a/policy/modules/services/dnsmasq.if
+++ b/policy/modules/services/dnsmasq.if
@@ -22,6 +22,25 @@ interface(`dnsmasq_domtrans',`
 ########################################
 ##
+## Execute the dnsmasq init script in the init script domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+#
+interface(`dnsmasq_initrc_domtrans',`
+ gen_require(`
+ type dnsmasq_initrc_exec_t;
+ ')
+
+ init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
+')
+
+########################################
+##
 ## Send dnsmasq a signal
 ##
 ##
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
index 3c3e624..1329f4b 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -1,5 +1,5 @@
-policy_module(dnsmasq, 1.7.2)
+policy_module(dnsmasq, 1.7.3)
 ########################################
 #
@@ -42,8 +42,7 @@ manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
 files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
 kernel_read_kernel_sysctls(dnsmasq_t)
-kernel_list_proc(dnsmasq_t)
-kernel_read_proc_symlinks(dnsmasq_t)
+kernel_read_system_state(dnsmasq_t)
 corenet_all_recvfrom_unlabeled(dnsmasq_t)
 corenet_all_recvfrom_netlabel(dnsmasq_t)
@@ -88,6 +87,10 @@ optional_policy(`
 ')
 optional_policy(`
+ tftp_read_content(dnsmasq_t)
+')
+
+optional_policy(`
 udev_read_db(dnsmasq_t)
 ')
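Review bot: The parameter description on the new `dnsmasq_initrc_domtrans` interface in dnsmasq.if reads `Domain allowed access.`, which understates what the interface grants. `init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)` lets the caller run the dnsmasq init script with a transition into the init script domain, as the summary line itself says. I would word the parameter as `Domain allowed to transition.` and add a sentence to the summary saying the interface is intended for administrative domains, since the init script domain is usually far more privileged than its caller. No caller is visible in this diff, so check which domains end up invoking it.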
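Review bot: In the `-42,8 +42,7` hunk of dnsmasq.te, `kernel_read_system_state(dnsmasq_t)` is not a like-for-like replacement for the two removed lines. Besides listing /proc and reading its symlinks it also, as far as I know, grants read access to the generic /proc files, so dnsmasq_t gains access the commit does not explain. A comment above the line naming what dnsmasq was denied, for example `# dnsmasq reads <proc file from the AVC denial>`, would let a later reviewer confirm the wider grant is still needed. If only one file is involved, a narrower interface may be enough.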
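Review bot: `tftp_read_content(dnsmasq_t)` in the `-88,6 +87,10` hunk is granted whenever the tftp module is present, and nothing in the hunk says why dnsmasq needs it. Presumably it is for dnsmasq's built-in TFTP service; a comment inside the optional block such as `# dnsmasq can serve boot files through its built-in TFTP server` would record that. The grant is read-only, which fits that purpose. Whether it should apply on hosts that never enable the feature is a policy design question to settle before merging.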