avc: denied { write } for pid=5267 comm="dhcpd" name="dhcpd.pid"

Antonio Olivares olivares14031 at yahoo.com
Sat Nov 15 14:44:06 UTC 2008


--- On Sat, 11/15/08, Paul Howarth <paul at city-fan.org> wrote:

> From: Paul Howarth <paul at city-fan.org>
> Subject: Re: avc: denied { write } for pid=5267 comm="dhcpd" name="dhcpd.pid"
> To: olivares14031 at yahoo.com
> Cc: fedora-selinux-list at redhat.com
> Date: Saturday, November 15, 2008, 12:54 AM
> On Fri, 14 Nov 2008 18:10:16 -0800 (PST)
> Antonio Olivares <olivares14031 at yahoo.com> wrote:
> 
> > Dear fellow selinux experts,
> > 
> > I am trying to make one of my machines a dhcp server to connect other
> > machines to the internet, see thread in Fedora list if applicable, I
> > have achieved a breakthrough, but selinux denies it :(
>  
> > 
> > [root@localhost ~]# dhcpd -f
> > Internet Systems Consortium DHCP Server 4.0.0
> > Copyright 2004-2007 Internet Systems Consortium.
> > All rights reserved.
> > For info, please visit http://www.isc.org/sw/dhcp/
> > Warning: subnet 10.154.19.0/27 overlaps subnet 10.154.19.0/24
> > Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
> > Wrote 0 leases to leases file.
> > Listening on LPF/eth0/00:0e:a6:42:59:af/10.154.19.0/24
> > Sending on   LPF/eth0/00:0e:a6:42:59:af/10.154.19.0/24
> > Sending on   Socket/fallback/fallback-net
> > ^C
> > [root@localhost ~]# service dhcpd stop
> > [root@localhost ~]# service dhcpd start
> > Starting dhcpd:                                            [  OK  ]
> > 
> > 
> >  but now selinux gets in the way :(
> > 
> > Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:183): avc:  denied  { read } for  pid=5267 comm="dhcpd" name="dhcpd.pid" dev=dm-0 ino=3244731 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
> > Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:184): avc:  denied  { write } for  pid=5267 comm="dhcpd" name="dhcpd.pid" dev=dm-0 ino=3244731scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
> > Nov 14 20:03:40 localhost dhcpd: Can't create PID file /var/run/dhcpd.pid: Permission denied.
> > 
> > How can I allow it to work?  
> > 
> > Setroubleshoot has not kicked in to warn me so I do not know a fix as
> > of this moment :(
> 
> /var/run/dhcpd.pid should be dhcpd_var_run_t, not var_run_t.
> 
> Try:
> # restorecon -v /var/run /var/run/dhcpd.pid
> 
> Paul.
Thanks, I will try that later today.

Regards,

Antonio 
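
Added example, not part of the original thread: a small parser that reads the AVC denials quoted above and flags the pattern Paul points out, a confined domain (dhcpd_t) denied on a file that carries a generic type (var_run_t). The GENERIC_TYPES list and the "<domain>_<type>" guess are assumptions based on common policy naming, not something the thread states.

```python
import re

# Constructed sample: the two denials quoted in the thread, re-joined onto one
# line each. The second keeps the thread's fused "ino=3244731scontext=" text.
SAMPLE_LOG = (
    'Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:183): '
    'avc:  denied  { read } for  pid=5267 comm="dhcpd" name="dhcpd.pid" '
    'dev=dm-0 ino=3244731 scontext=unconfined_u:system_r:dhcpd_t:s0 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file\n'
    'Nov 14 20:03:40 localhost kernel: type=1400 audit(1226714620.135:184): '
    'avc:  denied  { write } for  pid=5267 comm="dhcpd" name="dhcpd.pid" '
    'dev=dm-0 ino=3244731scontext=unconfined_u:system_r:dhcpd_t:s0 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file\n'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
# key=value pairs; a value also ends where a fused scontext=/tcontext= begins.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+?)(?=\s|$|[st]context=)')
# Assumption: generic types a file inherits from its parent directory.
GENERIC_TYPES = {'var_run_t', 'var_log_t', 'var_lib_t', 'tmp_t'}

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not an AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    f['perms'] = m.group('perms').split()
    try:  # a context is user:role:type:level; the type is what policy matches
        f['domain'] = f['scontext'].split(':')[2]
        f['ttype'] = f['tcontext'].split(':')[2]
    except (KeyError, IndexError):
        return None
    return f

def mislabel_candidates(log):
    """Group denials where a confined domain hit a generically typed object."""
    found = {}
    for line in log.splitlines():
        r = parse_avc(line)
        if r and r['ttype'] in GENERIC_TYPES and r['domain'].endswith('_t'):
            key = (r['domain'], r.get('name', '?'), r['ttype'])
            found.setdefault(key, set()).update(r['perms'])
    # Naming-convention guess only, e.g. dhcpd_t + var_run_t -> dhcpd_var_run_t.
    return [{'domain': d, 'name': n, 'current_type': t, 'denied': sorted(p),
             'guess': d[:-2] + '_' + t} for (d, n, t), p in found.items()]

if __name__ == '__main__':
    for c in mislabel_candidates(SAMPLE_LOG):
        print(c)
```

The guess is only a hint; the policy's file-context rules decide the real label, which is what the restorecon command in Paul's reply applies.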


      



