yum made selinux break dhcpd and named

William John Murray w.murray at rl.ac.uk
Fri Jan 21 12:44:45 UTC 2005 

   Hello there,
        I set up a firewall/router/dhcpd/dns server at home; it was very
easy, thanks to all for making it so.

  But I mis-configured the yum list, putting in fedora-updates.repo
and  fedora.repo in /etc/yum.conf AND all 4 fedora ones
in /etc/yum.repos.d by mistake. My fault.

  For a few days yum was broken, trying to install wireless
 wireless-tools.i386 1:27-0.pre25.3 and 1:28-0.pre4 at once,
and complaining that they had the same man page area. But I forced
through other updates by doing things like "yum update 'a*'"
[I have no wireless, but NetworkManager appeared from somewhere,
and it needs wireless-tools!]

All was well, but last night I spotted the problem and switch to just
two repos, fedora.repo and fedora-updates.repo 
Yum did this:

Jan 20 21:31:45 Updated: bind-libs.i386 20:9.2.4-8_FC3
Jan 20 21:31:48 Updated: bind-utils.i386 20:9.2.4-8_FC3
Jan 20 21:31:49 Updated: cups-libs.i386 1:1.1.22-0.rc1.8.4
Jan 20 21:31:51 Updated: sysklogd.i386 1.4.1-26_FC3
Jan 20 21:31:56 Updated: alsa-lib.i386 1.0.6-7.FC3
Jan 20 21:31:59 Updated: wireless-tools.i386 1:27-0.pre25.3
Jan 20 21:32:03 Updated: grep.i386 2.5.1-31.4
Jan 20 21:32:07 Updated: bind.i386 20:9.2.4-8_FC3
Jan 20 21:32:25 Updated: cups.i386 1:1.1.22-0.rc1.8.4
Jan 20 21:32:27 Updated: words.noarch 3.0-2
Jan 20 21:32:28 Updated: dhcpv6_client.i386 0.10-11_FC3
Jan 20 21:32:31 Updated: dhcp.i386 7:3.0.1-30_FC3
Jan 20 21:32:36 Updated: bind-chroot.i386 20:9.2.4-8_FC3
Jan 20 21:32:38 Updated: apr.i386 0.9.4-24.2
Jan 20 21:32:41 Updated: kernel-utils.i386 1:2.4-13.1.49_FC3
Jan 20 21:32:43 Updated: vixie-cron.i386 1:4.1-20_FC3
Jan 20 21:32:45 Updated: dhclient.i386 7:3.0.1-30_FC3
Jan 21 07:59:04 Updated: hal.i386 0.4.6-1.FC3

And since then dhcp and named have been broken. The /var/log/messages
has thinks like:
   Jan 21 07:33:18 base kernel: audit(1106292798.847:0): avc:  denied
{ read } for  pid=3391 exe=/usr/sbin/dhcpd name=dhcpd.leases dev=dm-0
ino=189702 scontext=user_u:system_r:dhcpd_t
tcontext=user_u:object_r:dhcp_state_t tclass=file
Jan 21 07:33:18 base dhcpd: Can't open lease
database /var/lib/dhcp/dhcpd.leases: Permission denied -

But the selinux configuration from redhat-config-security doens't even
seem to mention dhcpd. Nb:

Jan 18 07:00:48 Updated: libselinux.i386 1.19.1-8
Jan 18 07:02:08 Updated: libselinux-devel.i386 1.19.1-8
Jan 18 07:10:44 Updated: selinux-policy-targeted.noarch 1.17.30-2.72

   Can anyone suggest how I get myself out?
           Thank you,
                 Bill

More information about the fedora-list mailing list