Make a DHCP server using Fedora - Help

Antonio Olivares olivares14031 at yahoo.com
Sun Nov 16 16:09:04 UTC 2008


--- On Sun, 11/16/08, Mike Cloaked <mike.cloaked at gmail.com> wrote:

> From: Mike Cloaked <mike.cloaked at gmail.com>
> Subject: Re: Make a DHCP server using Fedora - Help
> To: fedora-list at redhat.com
> Date: Sunday, November 16, 2008, 2:19 AM
> Antonio Olivares wrote:
> > 
> > 
> > I might go to work and try it out.  I will change the numbers and also add
> > more time in the leases.  I have been given great advice by several
> > helpful people, notably yourself, Tim and Marko (also Paul H. for selinux
> > denying dhcpd).  I have to make the changes in the /etc/dhcpd.conf file
> > and try it out.  I will test with a Windows 2000 machine and a Fedora
> > rawhide box and upon success or failure I will report back.
> > 
> > 
> 
> I did not see the reply from Paul H on fixing the SELinux issues - was this
> a private reply?
no, to fedora-selinux-list
thread:  avc: denied { write } for pid=5267 comm="dhcpd" name="dhcpd.pid"
> If so could you let us know the fix - as I will be moving
> to a machine running DHCP with SELinux enabled when F10 comes out.
see below :) 
> 
> Thanks
> Mike

I encountered an error/avc denial:
running 
# tail -f /var/log/messages:

--------------------------------------------------------------------------
Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:183): avc:  denied  { read } for  pid=5267 comm="dhcpd" name="dhcpd.pid" dev=dm-0 ino=3244731 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:184): avc:  denied  { write } for  pid=5267 comm="dhcpd" name="dhcpd.pid" dev=dm-0 ino=3244731 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
Nov 14 20:03:40 localhost dhcpd: Can't create PID file /var/run/dhcpd.pid: Permission denied.
 
How can I allow it to work?  
 
Setroubleshoot has not kicked in to warn me so I do not know a fix as
of this moment :(  

/var/run/dhcpd.pid should be dhcpd_var_run_t, not var_run_t.
--------------------------------------------------------------------------
Paul replied: 

Try:
# restorecon -v /var/run /var/run/dhcpd.pid

Paul.
--------------------------------------------------------------------------

Now I do not get the denial.  I sent the message to fedora-selinux-list at redhat.com and Paul answered my question/plea for help.

Regards,

Antonio
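
Added example (not part of the original message or of Paul's reply): a small Python parser for the kernel AVC denial records quoted above. It groups denials where a confined domain such as dhcpd_t hit a generically labelled object such as var_run_t, which is the mislabel that restorecon corrected here. The sample text is constructed from the message's two records with one set of fields run together, and the GENERIC_TYPES list and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the two AVC records from the message above, joined the way
# a wrapped paste can leave them (note "ino=3244731scontext=" with no space).
SAMPLE = (
    'Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:183): '
    'avc:  denied  { read } for  pid=5267 comm="dhcpd" name="dhcpd.pid" '
    'dev=dm-0 ino=3244731 scontext=unconfined_u:system_r:dhcpd_t:s0 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file Nov 14 '
    '20:03:40 localhost kernel: type=1400 audit(1226714620.135:184): avc: '
    'denied  { write } for  pid=5267 comm="dhcpd" name="dhcpd.pid" '
    'dev=dm-0 ino=3244731scontext=unconfined_u:system_r:dhcpd_t:s0 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file'
)

AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?\btclass=\S+)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
GENERIC_TYPES = {'var_run_t', 'var_t', 'tmp_t', 'default_t', 'file_t'}  # assumed list


def parse_avc(text):
    """Return one dict per AVC denial, tolerating wrapped lines and glued fields."""
    text = ' '.join(text.split())  # undo line wrapping
    text = re.sub(r'(?<=\S)(?=(?:scontext|tcontext|tclass)=)', ' ', text)
    records = []
    for perms, rest in AVC.findall(text):
        rec = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        rec['perms'] = perms.split()
        rec['source_type'] = rec['scontext'].split(':')[2]  # user:role:type:level
        rec['target_type'] = rec['tcontext'].split(':')[2]
        records.append(rec)
    return records


def mislabel_candidates(records):
    """Group denials where a confined domain hit a generically labelled object."""
    hits = defaultdict(set)
    for r in records:
        if r['target_type'] in GENERIC_TYPES and r['source_type'] != 'unconfined_t':
            hits[(r['comm'], r['name'], r['target_type'])].update(r['perms'])
    return {k: sorted(v) for k, v in hits.items()}


if __name__ == '__main__':
    for (comm, name, ttype), perms in mislabel_candidates(parse_avc(SAMPLE)).items():
        print(f'{comm}: {perms} denied on {name} labelled {ttype}; '
              f'compare with policy (matchpathcon) and relabel with restorecon -v')
```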




      



