F9 dhcp client cannot backup resolv.conf, nor write ntp.conf

Daniel J Walsh dwalsh at redhat.com
Fri Mar 21 23:17:14 UTC 2008



Chuck Anderson wrote:
> It seems the policy needs an update to allow the dhclient-script to 
> work properly:
> 
> type=1400 audit(1206128117.122:4): avc:  denied  { write } for  
> pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0 
> ino=26088 scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.122:5): avc:  denied  { unlink } for  
> pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0 
> ino=26088 scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.252:6): avc:  denied  { rename } for  
> pid=2485 comm="mv" name="ntp.conf" dev=dm-0 ino=26089 
> scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.255:7): avc:  denied  { write } for  
> pid=2486 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 
> scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.255:8): avc:  denied  { write } for  
> pid=2486 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 
> scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.256:9): avc:  denied  { append } for  
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 
> scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.257:10): avc:  denied  { append } for  
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 
> scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.257:11): avc:  denied  { append } for  
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 
> scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.257:12): avc:  denied  { append } for  
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 
> scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.258:13): avc:  denied  { append } for  
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 
> scontext=system_u:system_r:dhcpc_t:s0 
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> 
> 
> # audit2allow -R < audit.log
> 
> require {
>         type var_run_t;
>         type dhcpc_t;
>         type hald_acl_t;
>         type etc_t;
>         class dir write;
>         class file { write rename unlink append };
> }
> 
> #============= dhcpc_t ==============
> allow dhcpc_t etc_t:file { write rename unlink append };
> 
> #============= hald_acl_t ==============
> allow hald_acl_t var_run_t:dir write;
> 

Someone/thing mislabeled your resolv.conf.

restorecon /etc/resolv.conf

The hald_acl will be fixed tonight. Your policy module is dangerous.
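
Added example (not part of the original messages and not Fedora or SELinux project code): a Python triage of the denials quoted above that groups them per file and flags targets carrying a generic type, where the rule audit2allow emits covers every file of that type and not only the files named in the log. The GENERIC_TYPES set and the triage() helper are assumptions of this example, and the sample lines are constructed by joining four of the wrapped log records from the quoted message.

```python
import re
from collections import defaultdict

# Constructed sample: four denials from the quoted log, one record per line.
SAMPLE = """\
type=1400 audit(1206128117.122:4): avc:  denied  { write } for  pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0 ino=26088 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.122:5): avc:  denied  { unlink } for  pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0 ino=26088 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.252:6): avc:  denied  { rename } for  pid=2485 comm="mv" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.256:9): avc:  denied  { append } for  pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
"""

AVC = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+.*?name="(?P<name>[^"]+)"'
    r'.*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

# Assumption of this example: types shared by many unrelated files, so an
# allow rule on them reaches far beyond the file that triggered the denial.
GENERIC_TYPES = {"etc_t", "var_run_t"}

def triage(log):
    """Group denials by (source type, target type, class, file name)."""
    groups = defaultdict(set)
    for m in AVC.finditer(log):
        stype = m["s"].split(":")[2]   # user:role:type:level -> type
        ttype = m["t"].split(":")[2]
        groups[(stype, ttype, m["cls"], m["name"])].update(m["perms"].split())
    findings = []
    for (stype, ttype, cls, name), perms in sorted(groups.items()):
        perm_list = " ".join(sorted(perms))
        findings.append({
            "name": name,
            "perms": sorted(perms),
            # The rule audit2allow would emit; it names the type, not the file.
            "broad_rule": f"allow {stype} {ttype}:{cls} {{ {perm_list} }};",
            # Generic target type: check the file's label before writing policy.
            "relabel_first": ttype in GENERIC_TYPES,
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        hint = "check label with restorecon first" if f["relabel_first"] else "review rule"
        print(f'{f["name"]}: {f["broad_rule"]} -> {hint}')
```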



