Recent SEL problems on FC3 box - named & dhcpd

Stephen Smalley sds at tycho.nsa.gov
Tue Mar 22 15:48:37 UTC 2005


On Tue, 2005-03-22 at 15:30 +0000, Ruth Ivimey-Cook wrote:
> Hi folks,
> 
> I have just started having some problems with selinux. I'm using FC3 with the
> targeted policy. It was running enforced; now merely permissive because of the
> problems. The box is running BIND/named in master mode (i.e. it is master for
> some domains, but not supplying those domains to other daemons) and a dhcp
> server. I have today used yum to update both daemons from the updates-released
> repo, and am now getting errors of this sort (note this is a sample - there are
> many more):
> 
> ...
> audit(1111501062.397:0): avc:  denied  { search } for  pid=6809
> exe=/usr/sbin/dhcpd name=/ dev=md1 ino=2 scontext=root:system_r:dhcpd_t
> tcontext=system_u:object_r:file_t tclass=dir
> audit(1111501062.397:0): avc:  denied  { search } for  pid=6809
> exe=/usr/sbin/dhcpd name=/ dev=md1 ino=2 scontext=root:system_r:dhcpd_t
> tcontext=system_u:object_r:file_t tclass=dir
> audit(1111501107.559:0): avc:  denied  { search } for  pid=6828
> exe=/usr/sbin/named name=/ dev=md1 ino=2 scontext=root:system_r:named_t
> tcontext=system_u:object_r:file_t tclass=dir

This suggests that your filesystem isn't labeled.  Touch /.autorelabel
and reboot, or manually boot single-user and run /sbin/fixfiles relabel.
Did you install with SELinux enabled, or try enabling it later?  How did
you enable it?

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
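
Added example, not part of the original message: a small triage script that groups AVC denials by source domain and flags those whose target carries the file_t type, the pattern the reply reads as an unlabeled filesystem. The function names and the third sample record are constructed for illustration, and treating file_t as the unlabeled marker is an assumption taken from the reply's diagnosis.

```python
import re
from collections import Counter

# Assumption: file_t (the tcontext type in the thread) marks an unlabeled file.
UNLABELED_TYPES = {"file_t"}

# Constructed sample: two of the denials quoted in the thread, wrapped the way
# the mail shows them, plus one constructed denial against a labeled file.
SAMPLE_LOG = """\
audit(1111501062.397:0): avc:  denied  { search } for  pid=6809
exe=/usr/sbin/dhcpd name=/ dev=md1 ino=2 scontext=root:system_r:dhcpd_t
tcontext=system_u:object_r:file_t tclass=dir
audit(1111501107.559:0): avc:  denied  { search } for  pid=6828
exe=/usr/sbin/named name=/ dev=md1 ino=2 scontext=root:system_r:named_t
tcontext=system_u:object_r:file_t tclass=dir
audit(1111501200.000:0): avc:  denied  { read } for  pid=6900
exe=/usr/sbin/named name=example.conf dev=md1 ino=4242
scontext=root:system_r:named_t tcontext=system_u:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?\bexe=(?P<exe>\S+)"
    r".*?\bscontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def parse_denials(log):
    """Return one dict per AVC denial; tolerates records wrapped over lines."""
    # Re-join continuation lines: a new record always starts with "audit(".
    unwrapped = re.sub(r"\s*\n(?!audit\()", " ", log.strip())
    return [
        {"exe": m["exe"], "perms": m["perms"].split(), "tclass": m["tclass"],
         "source_type": m["scon"].split(":")[2],  # context is user:role:type
         "target_type": m["tcon"].split(":")[2]}
        for m in AVC_RE.finditer(unwrapped)
    ]

def unlabeled_summary(log):
    """Count denials whose target is unlabeled, per (source type, class)."""
    return Counter(
        (d["source_type"], d["tclass"])
        for d in parse_denials(log)
        if d["target_type"] in UNLABELED_TYPES
    )

if __name__ == "__main__":
    for (src, tclass), n in sorted(unlabeled_summary(SAMPLE_LOG).items()):
        print(f"{src}: {n} denial(s) on unlabeled {tclass}; relabel the filesystem")
```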
