Daniel J Walsh wrote:
Rogelio J. Baucells wrote:
> Hi,
>
> I am running a FC3 computer with the latest targeted policy
> (selinux-policy-targeted-1.17.30-2.68) and I am getting the following
> messages at the time dhcpd starts:
>
> -----------------------------------------------------------------
> audit(1105547723.050:0): avc: denied { net_admin } for pid=6247
> exe=/usr/sbin/dhcpd capability=12 scontext=root:system_r:dhcpd_t
> tcontext=root:system_r:dhcpd_t tclass=capability
>
> audit(1105547723.244:0): avc: denied { read } for pid=6247
> exe=/usr/sbin/dhcpd name=cacert.org.pem dev=hdc2 ino=230129
> scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:usr_t
> tclass=file
> -----------------------------------------------------------------
>
> I looked at the configuration file (dhcpd.conf) and I do not see any
> place where I am referencing the cacert.org cert file. I use that file
> for other services and it is located at (/usr/share/ssl/certs).
>
> Is there any information on how to resolve these errors?
>
> Thanks
>
> RJB
>
selinux-policy-targeted-1.17.30-2.72 should have a fix for this
> --
> fedora-selinux-list mailing list
> fedora-selinux-list(a)redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list

Hi,
I just checked again using the selinux-policy-targeted-1.17.30-2.72 and
now I am getting two new errors in the log file at the time of starting
dhcpd (I did a "restorecon -R /var/named" before starting the service).
-------------------------------------------------------------------
audit(1106155180.751:0): avc: denied { read } for pid=21770
exe=/usr/sbin/dhcpd name=urandom dev=tmpfs ino=503
scontext=root:system_r:dhcpd_t
tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1106155180.752:0): avc: denied { read } for pid=21770
exe=/usr/sbin/dhcpd name=random dev=tmpfs ino=501
scontext=root:system_r:dhcpd_t
tcontext=system_u:object_r:random_device_t tclass=chr_file
-------------------------------------------------------------------

I no longer have the old errors...

I think the problem is accessing the /var/named/chroot/dev/random file.
These are my SELinux-related settings for the files in that directory:

crw-r--r-- root root system_u:object_r:null_device_t null
crw-r--r-- root root system_u:object_r:random_device_t random
crw-r--r-- root root system_u:object_r:zero_device_t zero

Is there anything else I can do?

Thanks for your help

RJB
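
The denials quoted in this thread can be read more easily once the wrapped records are rejoined and reduced to source type, target type, class and permission, in the style audit2allow uses. The following is an added example, not part of either poster's message; the function names are hypothetical and the sample log is the thread's own four records re-wrapped for the example.

```python
import re
from collections import defaultdict

# The four AVC records quoted in this thread, re-wrapped onto two lines each.
SAMPLE = """\
audit(1105547723.050:0): avc: denied { net_admin } for pid=6247 exe=/usr/sbin/dhcpd capability=12
  scontext=root:system_r:dhcpd_t tcontext=root:system_r:dhcpd_t tclass=capability
audit(1105547723.244:0): avc: denied { read } for pid=6247 exe=/usr/sbin/dhcpd name=cacert.org.pem
  dev=hdc2 ino=230129 scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:usr_t tclass=file
audit(1106155180.751:0): avc: denied { read } for pid=21770 exe=/usr/sbin/dhcpd name=urandom dev=tmpfs
  ino=503 scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1106155180.752:0): avc: denied { read } for pid=21770 exe=/usr/sbin/dhcpd name=random dev=tmpfs
  ino=501 scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:random_device_t tclass=chr_file
"""

AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(text):
    """Rejoin wrapped records, then return one dict per denial."""
    joined = re.sub(r"\s*\n(?!audit\()", " ", text.strip())
    denials = []
    for line in joined.splitlines():
        m = AVC.search(line)
        if not m:
            continue
        rec = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
        rec["perms"] = m.group(1).split()
        # A context is user:role:type; policy rules refer to the type only.
        rec["source"] = rec["scontext"].split(":")[2]
        rec["target"] = rec["tcontext"].split(":")[2]
        denials.append(rec)
    return denials

def candidate_rules(denials):
    """Group denials into audit2allow-style rules for review."""
    grouped = defaultdict(set)
    for d in denials:
        target = "self" if d["target"] == d["source"] else d["target"]
        grouped[(d["source"], target, d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(parse_avc(SAMPLE)):
        print(rule)
```

The output is a reading aid for the denials, not a policy to load as-is; in this thread the first two denials went away with the updated policy package rather than a local rule.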