03-21-2008, 06:42 PM
Chuck Anderson

F9 dhcp client cannot backup resolv.conf, nor write ntp.conf

It seems the policy needs an update to allow the dhclient-script to
work properly:

type=1400 audit(1206128117.122:4): avc: denied { write } for
pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0
ino=26088 scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.122:5): avc: denied { unlink } for
pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0
ino=26088 scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.252:6): avc: denied { rename } for
pid=2485 comm="mv" name="ntp.conf" dev=dm-0 ino=26089
scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.255:7): avc: denied { write } for
pid=2486 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.255:8): avc: denied { write } for
pid=2486 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.256:9): avc: denied { append } for
pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.257:10): avc: denied { append } for
pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.257:11): avc: denied { append } for
pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.257:12): avc: denied { append } for
pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.258:13): avc: denied { append } for
pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file


# audit2allow -R < audit.log

require {
	type var_run_t;
	type dhcpc_t;
	type hald_acl_t;
	type etc_t;
	class dir write;
	class file { write rename unlink append };
}

#============= dhcpc_t ==============
allow dhcpc_t etc_t:file { write rename unlink append };

#============= hald_acl_t ==============
allow hald_acl_t var_run_t:dir write;

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
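
The grouping that turns the denials above into the single dhcpc_t rule, as an added example that is not part of the original post and is not audit2allow's own code. The function names are hypothetical and the sample log is constructed from the post's denials, with contexts written in user:role:type:level form.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the post's denials, contexts written as
# user:role:type:level. The first record is wrapped the way the mail wraps it.
SAMPLE_LOG = '''\
type=1400 audit(1206128117.122:4): avc: denied { write } for
pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0
ino=26088 scontext=system_u:system_r:dhcpc_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.122:5): avc: denied { unlink } for pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0 ino=26088 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.252:6): avc: denied { rename } for pid=2485 comm="mv" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.256:9): avc: denied { append } for pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
'''

RECORD_START = re.compile(r'\n(?=type=\d+ audit\()')
AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def records(text):  # a record runs until the next 'type=NNNN audit(' line
    return [' '.join(r.split()) for r in RECORD_START.split(text.strip()) if r.strip()]

def parse_avc(record):
    m = AVC.search(record)
    rec = {k: v.strip('"') for k, v in FIELD.findall(m.group(2))} if m else {}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # not an AVC denial, or a truncated one
    rec['perms'] = m.group(1).split()
    return rec

def setype(context):  # type is the third field of user:role:type[:level]
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None

def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {'perms': set(), 'objects': set()})
    for rec in filter(None, map(parse_avc, records(text))):
        g = groups[setype(rec['scontext']), setype(rec['tcontext']), rec['tclass']]
        g['perms'].update(rec['perms'])
        g['objects'].add((rec.get('comm', '?'), rec.get('name', '?')))
    return dict(groups)

def render(groups):
    out = []
    for (src, tgt, cls), g in sorted(groups.items()):
        out.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }};")
        out += [f"#   {comm} -> {name}" for comm, name in sorted(g['objects'])]
    return '\n'.join(out)

print(render(summarize(SAMPLE_LOG)))
```

The comment lines under the rule list the command and file behind each denial: only two files are involved, while the generated allow rule applies to every file labelled etc_t.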
 
