Merge pull request #549 from yizhao1/dhcpcd-fixes

Dhcpcd fixes

Author: pebenito

policy/modules/system/sysnetwork.te

@@ -61,11 +61,11 @@ ifdef(`distro_debian',`
 #
 # DHCP client local policy
 #
-allow dhcpc_t self:capability { dac_override fsetid net_admin net_bind_service net_raw setpcap sys_nice sys_resource sys_tty_config };
+allow dhcpc_t self:capability { dac_override fsetid net_admin net_bind_service net_raw setgid setpcap setuid sys_chroot sys_nice sys_resource sys_tty_config };
 dontaudit dhcpc_t self:capability { sys_ptrace sys_tty_config };
 # for access("/etc/bashrc", X_OK) on Red Hat
 dontaudit dhcpc_t self:capability { dac_read_search sys_module };
-allow dhcpc_t self:process { getsched getcap setcap setfscreate ptrace signal_perms };
+allow dhcpc_t self:process { getsched getcap setcap setfscreate ptrace signal_perms setrlimit };
 allow dhcpc_t self:cap_userns { net_bind_service };
 
 allow dhcpc_t self:fifo_file rw_fifo_file_perms;
@@ -149,6 +149,7 @@ files_getattr_generic_locks(dhcpc_t)
 files_manage_var_files(dhcpc_t)
 
 fs_getattr_all_fs(dhcpc_t)
+fs_getattr_nsfs_files(dhcpc_t)
 fs_search_auto_mountpoints(dhcpc_t)
 fs_search_cgroup_dirs(dhcpc_t)
 
@@ -186,6 +187,10 @@ ifdef(`init_systemd',`
 	init_stream_connect(dhcpc_t)
 	init_get_all_units_status(dhcpc_t)
 	init_search_units(dhcpc_t)
+
+	optional_policy(`
+		systemd_dbus_chat_resolved(dhcpc_t)
+	')
 ')
 
 optional_policy(`

policy/modules/system/systemd.te

@@ -1422,6 +1422,7 @@ allow systemd_resolved_t systemd_networkd_runtime_t:dir watch;
 
 manage_dirs_pattern(systemd_resolved_t, systemd_resolved_runtime_t, systemd_resolved_runtime_t)
 manage_files_pattern(systemd_resolved_t, systemd_resolved_runtime_t, systemd_resolved_runtime_t)
+manage_lnk_files_pattern(systemd_resolved_t, systemd_resolved_runtime_t, systemd_resolved_runtime_t)
 manage_sock_files_pattern(systemd_resolved_t, systemd_resolved_runtime_t, systemd_resolved_runtime_t)
 init_runtime_filetrans(systemd_resolved_t, systemd_resolved_runtime_t, dir)