Re: avc: denied { write } for pid=5267 comm="dhcpd" name="dhcpd.pid"

--- On Sat, 11/15/08, Paul Howarth <paul@xxxxxxxxxxxx> wrote:

> From: Paul Howarth <paul@xxxxxxxxxxxx>
> Subject: Re: avc: denied { write } for pid=5267 comm="dhcpd" name="dhcpd.pid"
> To: olivares14031@xxxxxxxxx
> Cc: fedora-selinux-list@xxxxxxxxxx
> Date: Saturday, November 15, 2008, 12:54 AM
> On Fri, 14 Nov 2008 18:10:16 -0800 (PST)
> Antonio Olivares <olivares14031@xxxxxxxxx> wrote:
> 
> > Dear fellow selinux experts,
> > 
> > I am trying to make one of my machines a dhcp server to connect other
> > machines to the internet, see thread in Fedora list if applicable, I
> > have achieved a breakthrough, but selinux denies it :(
> >
> > [root@localhost ~]# dhcpd -f
> > Internet Systems Consortium DHCP Server 4.0.0
> > Copyright 2004-2007 Internet Systems Consortium.
> > All rights reserved.
> > For info, please visit http://www.isc.org/sw/dhcp/
> > Warning: subnet 10.154.19.0/27 overlaps subnet 10.154.19.0/24
> > Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
> > Wrote 0 leases to leases file.
> > Listening on LPF/eth0/00:0e:a6:42:59:af/10.154.19.0/24
> > Sending on   LPF/eth0/00:0e:a6:42:59:af/10.154.19.0/24
> > Sending on   Socket/fallback/fallback-net
> > ^C
> > [root@localhost ~]# service dhcpd stop
> > [root@localhost ~]# service dhcpd start
> > Starting dhcpd:                                            [  OK  ]
> > 
> > 
> >  but now selinux gets in the way :(
> > 
> > Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:183): avc:  denied  { read } for  pid=5267 comm="dhcpd" name="dhcpd.pid" dev=dm-0 ino=3244731 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
> > Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:184): avc:  denied  { write } for  pid=5267 comm="dhcpd" name="dhcpd.pid" dev=dm-0 ino=3244731 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
> > Nov 14 20:03:40 localhost dhcpd: Can't create PID file /var/run/dhcpd.pid: Permission denied.
> > 
> > How can I allow it to work?  
> > 
> > Setroubleshoot has not kicked in to warn me so I do not know a fix as
> > of this moment :(
> 
> /var/run/dhcpd.pid should be dhcpd_var_run_t, not var_run_t.
> 
> Try:
> # restorecon -v /var/run /var/run/dhcpd.pid
> 
> Paul.

Thanks, I will try that later today.

Regards,

Antonio 


      

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
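
Added example (not part of the original thread): a small parser that reads the AVC records quoted above, merges the denials on the same object, and flags the case Paul describes, where a confined daemon (`dhcpd_t`) is denied on a file carrying a generic directory type (`var_run_t`). The `GENERIC_TYPES` list and the `likely_mislabel` heuristic are assumptions made for this illustration.

```python
import re

# The records quoted in the thread, restored to one record per line.
SAMPLE_LOG = """\
Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:183): avc:  denied  { read } for  pid=5267 comm="dhcpd" name="dhcpd.pid" dev=dm-0 ino=3244731 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:184): avc:  denied  { write } for  pid=5267 comm="dhcpd" name="dhcpd.pid" dev=dm-0 ino=3244731 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
Nov 14 20:03:40 localhost dhcpd: Can't create PID file /var/run/dhcpd.pid: Permission denied.
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption: a short list of generic types that a file inherits from its
# parent directory when it was created without the daemon's own file type.
GENERIC_TYPES = {"var_run_t", "var_lib_t", "var_log_t"}


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group("fields"))}
    if rec.get("scontext", "").count(":") < 2 or rec.get("tcontext", "").count(":") < 2:
        return None
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def triage(log_text):
    """Merge denials on the same object and flag likely labeling problems."""
    merged = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            key = (rec.get("comm"), rec.get("name"), rec["stype"], rec["ttype"])
            merged.setdefault(key, set()).update(rec["perms"])
    return [
        {"comm": comm, "name": name, "stype": stype, "ttype": ttype,
         "perms": sorted(perms),
         # Heuristic: a confined daemon hitting a generic type points at the
         # file's label (restorecon), not at a missing policy rule.
         "likely_mislabel": ttype in GENERIC_TYPES and stype != "unconfined_t"}
        for (comm, name, stype, ttype), perms in merged.items()
    ]
```

For the log in this thread, `triage(SAMPLE_LOG)` returns a single finding for `dhcpd.pid` with both denied permissions and `likely_mislabel` set, which matches the `restorecon` advice rather than a policy change.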
