dhcpd refuses to start after fresh FC4 install

Alexander Dalloz ad+lists at uni-x.org
Mon Jun 20 14:44:34 UTC 2005 

Am Mo, den 20.06.2005 schrieb Claude Jones um 16:31:

> > https://www.redhat.com/archives/fedora-selinux-list/2005-June/msg00145.html
> >
> Thanks Alexander. I came across that same post just before reading Paul's 
> response. The proposed solution is way over my head. It seems to be 
> discussing Samba as opposed to what the subject line says, also. For now, 
> I've turned off the restrictive policy on dhcpd in Selinux till I can figure 
> this out. The Selinux man page tells you next to nothing, so I shall go look 
> at the Selinux website today and see what I can find.

> Claude Jones

The policy patch covers 3 issues. The part relevant for your dhcpd issue
is just:

diff -Naur --exclude-from=excludes policy.orig/net_contexts
policy/net_contexts
--- policy.orig/net_contexts	2005-06-16 17:52:27.000000000 -0400
+++ policy/net_contexts	2005-06-19 16:15:05.000000000 -0400
@@ -50,10 +50,9 @@
 portcon udp 53 system_u:object_r:dns_port_t
 portcon tcp 53 system_u:object_r:dns_port_t
 
-ifdef(`dhcpc.te', `
 portcon udp 67  system_u:object_r:dhcpd_port_t
 portcon udp 68  system_u:object_r:dhcpc_port_t
-')
+
 ifdef(`tftpd.te', `portcon udp 69  system_u:object_r:tftp_port_t')
 ifdef(`fingerd.te', `portcon tcp 79  system_u:object_r:fingerd_port_t')

This is diff style and line beginning with "-" will be removed by applying the patch, those
starting with "+" are added.
I can't comment whether this patch will be accepted by the maintainer. But replying to
himself Ivan Gyurdiev corrected his suggestion and the "ifdef" shouldn't be erased completely,
but only enclose the dhcpc part. Means, move the line 

portcon udp 67  system_u:object_r:dhcpd_port_t

up to be above line

ifdef(`dhcpc.te', `

*if you want to put your hands on the policy file yourself*. Else wait for an official policy update
package.

Alexander
 

-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp 
Serendipity 16:38:00 up 27 days, 15:15, load average: 0.33, 0.26, 0.22 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050620/63e7adb3/attachment-0001.sig>

More information about the fedora-list mailing list