On Wednesday 18 May 2005 22:35, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > >The error is probably from SELinux; there's a ping in > > /sbin/dhclient-script when it times out. > > dhcpc should have the ability to ping. > domain_auto_trans(dhcpc_t, ping_exec_t, ping_t) The problem is that ping_t is not defined in the targeted policy. The attached patch will give dhcpc_t the access to do what it wants when there is no ping_t domain, it will work with both targeted and strict policy (tested on targeted). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
--- domains/program/dhcpc.te.orig 2005-05-22 23:17:50.000000000 +1000 +++ domains/program/dhcpc.te 2005-05-22 23:18:22.000000000 +1000 @@ -68,6 +68,9 @@ ifdef(`cardmgr.te', ` allow ping_t cardmgr_t:fd use; ') dnl end if cardmgr +', ` +allow dhcpc_t self:capability setuid; +allow dhcpc_t self:rawip_socket create_socket_perms; ') dnl end if ping ifdef(`dhcpd.te', `', `