* [PATCH v3 1/2] dnsmasq: Require log files to have .log suffix
@ 2018-11-12 8:47 Petr Vorel
2018-11-12 8:47 ` [PATCH v3 2/2] dnsmasq: Add support for lxc-net, lxd-bridge, NetworkManager Petr Vorel
2018-11-17 23:50 ` [PATCH v3 1/2] dnsmasq: Require log files to have .log suffix Chris PeBenito
0 siblings, 2 replies; 5+ messages in thread
From: Petr Vorel @ 2018-11-12 8:47 UTC (permalink / raw)
To: selinux-refpolicy; +Cc: Petr Vorel, Chris PeBenito, Dan Walsh
+ allow log rotate as well.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Changes v1->v2
* support log rotate patterns (requested by Chris PeBenito)
Changes v2->v3:
* update to current master
---
policy/modules/services/dnsmasq.fc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/services/dnsmasq.fc b/policy/modules/services/dnsmasq.fc
index a6d7f115..91c18d46 100644
--- a/policy/modules/services/dnsmasq.fc
+++ b/policy/modules/services/dnsmasq.fc
@@ -16,4 +16,4 @@
/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
/var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
-/var/log/dnsmasq.* -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
+/var/log/dnsmasq(.*)?\.log(\..+) -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
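Review bot: in the added /var/log line the trailing group `(\..+)` is mandatory, so the anchored pattern matches rotated names such as /var/log/dnsmasq.log.1 but not /var/log/dnsmasq.log itself, which goes against the stated goal of labelling files that have a .log suffix. Make the rotation suffix optional, e.g. `/var/log/dnsmasq(.*)?\.log(\..+)?`, so both the live log and its rotated copies get dnsmasq_var_log_t.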
--
2.19.1
* [PATCH v3 2/2] dnsmasq: Add support for lxc-net, lxd-bridge, NetworkManager
From: Petr Vorel @ 2018-11-12 8:47 UTC (permalink / raw)
To: selinux-refpolicy; +Cc: Petr Vorel, Chris PeBenito, Dan Walsh
* lxc-net pid and lease files:
/var/run/lxc/dnsmasq.pid
/var/lib/misc/dnsmasq.*.leases
* lxd-bridge pid and lease files:
/var/run/lxd-bridge/dnsmasq.pid
/var/lib/lxd-bridge/dnsmasq.*.leases
/var/lib/lxd/networks/*/dnsmasq.leases
/var/lib/lxd/networks/*/dnsmasq.pid
* NetworkManager pid, lease and configuration files:
/var/lib/NetworkManager/dnsmasq-*.leases
/run/nm-dns-dnsmasq.conf
/run/nm-dnsmasq-*.pid
/run/sendsigs.omit.d/*dnsmasq.pid
/run/NetworkManager/dnsmasq.conf
/run/NetworkManager/dnsmasq.pid
+ sort /var/lib/ lines.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Changes v2->v3:
* more sorting
Changes v1->v2
* fix sorting (requested by Chris PeBenito)
* fix missing dot escapes (requested by Chris PeBenito)
* change some stars to plus
---
policy/modules/services/dnsmasq.fc | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/policy/modules/services/dnsmasq.fc b/policy/modules/services/dnsmasq.fc
index 91c18d46..7df6e973 100644
--- a/policy/modules/services/dnsmasq.fc
+++ b/policy/modules/services/dnsmasq.fc
@@ -5,6 +5,11 @@
/run/dnsmasq.* -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
+/run/(lxc|lxd-bridge|NetworkManager)/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
+/run/NetworkManager/dnsmasq\.conf gen_context(system_u:object_r:dnsmasq_etc_t,s0)
+/run/nm-dns-dnsmasq\.conf gen_context(system_u:object_r:dnsmasq_etc_t,s0)
+/run/nm-dnsmasq-.+\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
+/run/sendsigs\.omit\.d/.*dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
/usr/bin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0)
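Review bot: the two added .conf entries (`/run/NetworkManager/dnsmasq\.conf` and `/run/nm-dns-dnsmasq\.conf`) omit the `--` file-type field that every other added line in this hunk carries, so they apply to any object type at that path. They also assign dnsmasq_etc_t to paths the commit message lists as NetworkManager files; check that the NetworkManager module does not already specify a context for the same paths, since setfiles rejects two different specifications for one path, and add `--` if only regular files are meant.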
@@ -13,7 +18,11 @@
/usr/sbin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0)
-/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
/var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
+/var/lib/lxd-bridge/dnsmasq\..+\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
+/var/lib/lxd/networks/\.*/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
+/var/lib/lxd/networks/\.+/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
+/var/lib/misc/dnsmasq(\..+)?\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
+/var/lib/NetworkManager/dnsmasq-.+\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
/var/log/dnsmasq(.*)?\.log(\..+) -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
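Review bot: in the two added /var/lib/lxd/networks lines the directory component is written `\.*` and `\.+`, which match only literal dots and not the network name that `/var/lib/lxd/networks/*/` in the commit message stands for, so neither line matches a real per-network path. Use an unescaped single-component match instead, e.g. `/var/lib/lxd/networks/[^/]+/dnsmasq\.leases`, and the same for the .pid line.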
--
2.19.1
* Re: [PATCH v3 2/2] dnsmasq: Add support for lxc-net, lxd-bridge, NetworkManager
From: Chris PeBenito @ 2018-11-16 15:12 UTC (permalink / raw)
To: Petr Vorel, selinux-refpolicy; +Cc: Dan Walsh
On 11/12/18 3:47 AM, Petr Vorel wrote:
> * lxc-net pid and lease files:
> /var/run/lxc/dnsmasq.pid
> /var/lib/misc/dnsmasq.*.leases
>
> * lxd-bridge pid and lease files:
> /var/run/lxd-bridge/dnsmasq.pid
> /var/lib/lxd-bridge/dnsmasq.*.leases
> /var/lib/lxd/networks/*/dnsmasq.leases
> /var/lib/lxd/networks/*/dnsmasq.pid
>
> * NetworkManager pid, lease and configuration files:
> /var/lib/NetworkManager/dnsmasq-*.leases
> /run/nm-dns-dnsmasq.conf
> /run/nm-dnsmasq-*.pid
> /run/sendsigs.omit.d/*dnsmasq.pid
> /run/NetworkManager/dnsmasq.conf
> /run/NetworkManager/dnsmasq.pid
>
> + sort /var/lib/ lines.
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> Changes v2->v3:
> * more sorting
>
> Changes v1->v2
> * fix sorting (requested by Chris PeBenito)
> * fix missing dot escapes (requested by Chris PeBenito)
> * change some stars to plus
> ---
> policy/modules/services/dnsmasq.fc | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/policy/modules/services/dnsmasq.fc b/policy/modules/services/dnsmasq.fc
> index 91c18d46..7df6e973 100644
> --- a/policy/modules/services/dnsmasq.fc
> +++ b/policy/modules/services/dnsmasq.fc
> @@ -5,6 +5,11 @@
>
> /run/dnsmasq.* -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
> /run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
> +/run/(lxc|lxd-bridge|NetworkManager)/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
> +/run/NetworkManager/dnsmasq\.conf gen_context(system_u:object_r:dnsmasq_etc_t,s0)
> +/run/nm-dns-dnsmasq\.conf gen_context(system_u:object_r:dnsmasq_etc_t,s0)
> +/run/nm-dnsmasq-.+\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
> +/run/sendsigs\.omit\.d/.*dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
>
> /usr/bin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0)
>
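Review bot: in `/run/nm-dnsmasq-.+\.pid` and `/run/sendsigs\.omit\.d/.*dnsmasq\.pid` the `.+` and `.*` wildcards are not limited to one path component, because `.` also matches `/`; the second pattern therefore labels any regular file ending in dnsmasq.pid anywhere below /run/sendsigs.omit.d. Writing them as `[^/]+` and `[^/]*` keeps both entries to files directly in the intended directory.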
> @@ -13,7 +18,11 @@
>
> /usr/sbin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0)
>
> -/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
> /var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
> +/var/lib/lxd-bridge/dnsmasq\..+\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
> +/var/lib/lxd/networks/\.*/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
> +/var/lib/lxd/networks/\.+/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
> +/var/lib/misc/dnsmasq(\..+)?\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
> +/var/lib/NetworkManager/dnsmasq-.+\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
>
> /var/log/dnsmasq(.*)?\.log(\..+) -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
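Review bot: the added `/var/lib/lxd/networks/\.+/dnsmasq\.pid` line gives a file under /var/lib the dnsmasq_var_run_t type, but the diffstat shows only dnsmasq.fc changing, so nothing in this patch makes a newly created pid file receive that type at runtime. A file context entry takes effect when files are relabelled; if the pid file should be dnsmasq_var_run_t from creation, a matching type transition in the module's .te should accompany this entry, or the commit message should state that relabelling is expected.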
I got this error:
/sbin/setfiles: file_contexts: Multiple different specifications for
/run/nm-dns-dnsmasq\.conf
(system_u:object_r:NetworkManager_var_run_t:s0 and
system_u:object_r:dnsmasq_etc_t:s0).
This made me think about this patch more. Is NetworkManager creating
these config files?
--
Chris PeBenito
* Re: [PATCH v3 2/2] dnsmasq: Add support for lxc-net, lxd-bridge, NetworkManager
From: Petr Vorel @ 2018-11-17 6:13 UTC (permalink / raw)
To: Chris PeBenito; +Cc: selinux-refpolicy, Dan Walsh
Hi,
> I got this error:
> /sbin/setfiles: file_contexts: Multiple different specifications for
> /run/nm-dns-dnsmasq\.conf (system_u:object_r:NetworkManager_var_run_t:s0 and
> system_u:object_r:dnsmasq_etc_t:s0).
> This made me think about this patch more. Is NetworkManager creating these
> config files?
I'm sorry for the wrong patch, drop this one. Old NetworkManager commit
d82669d3f ("build: unify NetworkManager path handling (some paths are changed)")
deprecated some locations:
/var/run/NetworkManager.pid -> /var/run/NetworkManager/NetworkManager.pid
/var/run/nm-dns-dnsmasq.pid -> /var/run/NetworkManager/dnsmasq.pid
/var/run/nm-dns-dnsmasq.conf -> /var/run/NetworkManager/dnsmasq.conf
I'll verify the patch further and prepare v4 with fixed paths.
But maybe the first patch could be accepted.
Kind regards,
Petr
* Re: [PATCH v3 1/2] dnsmasq: Require log files to have .log suffix
From: Chris PeBenito @ 2018-11-17 23:50 UTC (permalink / raw)
To: Petr Vorel, selinux-refpolicy; +Cc: Dan Walsh
On 11/12/18 3:47 AM, Petr Vorel wrote:
> + allow log rotate as well.
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> Changes v1->v2
> * support log rotate patterns (requested by Chris PeBenito)
>
> Changes v2->v3:
> * update to current master
> ---
> policy/modules/services/dnsmasq.fc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/policy/modules/services/dnsmasq.fc b/policy/modules/services/dnsmasq.fc
> index a6d7f115..91c18d46 100644
> --- a/policy/modules/services/dnsmasq.fc
> +++ b/policy/modules/services/dnsmasq.fc
> @@ -16,4 +16,4 @@
> /var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
> /var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
>
> -/var/log/dnsmasq.* -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
> +/var/log/dnsmasq(.*)?\.log(\..+) -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
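Review bot: in the added line the group `(.*)?` in `dnsmasq(.*)?\.log` is equivalent to `.*` and can span `/`, so the entry still labels regular files at any depth under a /var/log path that begins with dnsmasq, for example a hypothetical /var/log/dnsmasq-old/other.log.1. If only files directly in /var/log are meant, `dnsmasq[^/]*\.log` states that.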
Merged.
--
Chris PeBenito