Steve wrote:
I am attempting to figure out why my dhclient process sometimes gets the correct hostname from the server and sometimes it doesn't. I want to do this by turning on logging and sending the output to a temp file. I am running F9 and so I changed the line in /etc/sysconfig/network-scripts/ifup-eth from:
if /sbin/dhclient ${DHCLIENTARGS} ${DEVICE}; then
if /sbin/dhclient ${DHCLIENTARGS} ${DEVICE} > /var/log/dhclient.log 2>&1; then
after changing the DHCLIENTARGS switch -q to -v. When this runs at boot time I get an empty /var/log/dhclient.log file. When I try to run dhclient manually I get a SELinux denial:
SELinux is preventing dhclient (dhcpc_t) "write" to /var/log/dhclient.log (var_log_t).
OK, that makes sense so what do I have to modify to allow the log file to be written? This is just temporary so I'm hoping that I don't have to modify policies, rule files etc, etc. The simplest thing I can think of is to change to permissive mode but is there a better way?
Another quick workaround is to pipe the output through 'cat' so that
dhclient isn't writing directly to the file, but that gets a bit messy
in the context of the "if ...; then":
/sbin/dhclient ${DHCLIENTARGS} ${DEVICE} 2>&1 | cat >/var/log/dhclient.log
if [ ${PIPESTATUS[0]} = 0 ]; then
.
.
.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
