Re: dhcpd_t needs efs_port_t:socket name_bind

[Shintaro Fujiwara <shintaro.fujiwara@xxxxxxxxx>]

Thanks for reply, Miroslav.

Yes, I'm testing DHCP failover.

I got more errors on primary and secondary.

it goes like this I show you as audit2allow -M results,

on the primary DHCP server,

allow dhcpd_t hi_reserved_port_t:tcp_socket name_bind;

on the secondary DHCP server,

allow dhcpd_t efs_port_t:tcp_socket name_bind;

allow dhcpd_t hi_reserved_port_t:tcp_socket name_bind;

Can we set a boolean to allow these when using DHCP failover?

It's really needed when you have two DHCP servers in same network, I guess.

At least I do.

I found no boolean this time, you know.

2014-12-29 19:40 GMT+09:00 Miroslav Grepl <mgrepl@xxxxxxxxxx>:

On 12/28/2014 03:47 PM, Shintaro Fujiwara wrote:

Hi, I'm testing dhcpd in Fedora20 and got this error.

type=AVC msg=audit(1419777402.148:425): avc:  denied  { name_bind } for  pid=2751 comm="dhcpd" src="" scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:efs_port_t:s0 tclass=tcp_socket permissive=0

Did it happen by default or did you setup anything (dhcp failover for example) ?

--

日本にヘヴィメタル・ハードロックを根付かせるページ

http://heavymetalhardrock.no-ip.info/

世界中でセキュアＯＳのSELinuxを使いやすくするフリーソフト
http://sourceforge.net/projects/segatex/

CMS（PHPとPostgreSQLを使ったフリーソフト）

http://sourceforge.net/projects/webon/
https://github.com/intrajp/irforum_jp

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

--

日本にヘヴィメタル・ハードロックを根付かせるページ

http://heavymetalhardrock.no-ip.info/

世界中でセキュアＯＳのSELinuxを使いやすくするフリーソフト
http://sourceforge.net/projects/segatex/

CMS（PHPとPostgreSQLを使ったフリーソフト）

http://sourceforge.net/projects/webon/
https://github.com/intrajp/irforum_jp

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux