Re: [PATCH] Do not use /etc/resolv.conf symbolic links on SELinux

On Wed, Sep 28, 2016, at 02:06 PM, Guido Trentalancia wrote:
When SELinux is enabled, do not create a symbolic link to a "resolv.conf"
file outside /etc (e.g. in /var/run/NetworkManager), but instead create a
regular file in /etc.

This is to avoid creating policy permissions to read files in the other
non-standard "resolv.conf" directories for each application that needs to
access the network.

Maybe better to:

1) Standardize e.g. `/run/resolv.conf` and have labeling set up for it
2) Change NetworkManager to label the file as `etc_t` which it likely
   has permission to do so already

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]