Re: [PATCH] Do not use /etc/resolv.conf symbolic links on SELinux





On Wed, Sep 28, 2016, at 02:06 PM, Guido Trentalancia wrote:
> When SELinux is enabled, do not create a symbolic link to a "resolv.conf"
> file outside /etc (e.g. in /var/run/NetworkManager), but instead create a
> regular file in /etc.
>
> This is to avoid creating policy permissions to read files in the other
> non-standard "resolv.conf" directories for each application that needs to
> access the network.

Maybe better to:

1) Standardize e.g. `/run/resolv.conf` and have labeling set up for it
2) Change NetworkManager to label the file as `etc_t`, which it likely
   has permission to do already

