yum made selinux break dhcpd and named

Daniel J Walsh dwalsh at redhat.com
Fri Jan 21 17:24:34 UTC 2005


William John Murray wrote:

>   Hello there,
>        I set up a firewall/router/dhcpd/dns server at home; it was very
>easy, thanks to all for making it so.
>
>  But I mis-configured the yum list, putting in fedora-updates.repo
>and  fedora.repo in /etc/yum.conf AND all 4 fedora ones
>in /etc/yum.repos.d by mistake. My fault.
>
>  For a few days yum was broken, trying to install wireless
> wireless-tools.i386 1:27-0.pre25.3 and 1:28-0.pre4 at once,
>and complaining that they had the same man page area. But I forced
>through other updates by doing things like "yum update 'a*'"
>[I have no wireless, but NetworkManager appeared from somewhere,
>and it needs wireless-tools!]
>
>All was well, but last night I spotted the problem and switched to just
>two repos, fedora.repo and fedora-updates.repo
>Yum did this:
>
>Jan 20 21:31:45 Updated: bind-libs.i386 20:9.2.4-8_FC3
>Jan 20 21:31:48 Updated: bind-utils.i386 20:9.2.4-8_FC3
>Jan 20 21:31:49 Updated: cups-libs.i386 1:1.1.22-0.rc1.8.4
>Jan 20 21:31:51 Updated: sysklogd.i386 1.4.1-26_FC3
>Jan 20 21:31:56 Updated: alsa-lib.i386 1.0.6-7.FC3
>Jan 20 21:31:59 Updated: wireless-tools.i386 1:27-0.pre25.3
>Jan 20 21:32:03 Updated: grep.i386 2.5.1-31.4
>Jan 20 21:32:07 Updated: bind.i386 20:9.2.4-8_FC3
>Jan 20 21:32:25 Updated: cups.i386 1:1.1.22-0.rc1.8.4
>Jan 20 21:32:27 Updated: words.noarch 3.0-2
>Jan 20 21:32:28 Updated: dhcpv6_client.i386 0.10-11_FC3
>Jan 20 21:32:31 Updated: dhcp.i386 7:3.0.1-30_FC3
>Jan 20 21:32:36 Updated: bind-chroot.i386 20:9.2.4-8_FC3
>Jan 20 21:32:38 Updated: apr.i386 0.9.4-24.2
>Jan 20 21:32:41 Updated: kernel-utils.i386 1:2.4-13.1.49_FC3
>Jan 20 21:32:43 Updated: vixie-cron.i386 1:4.1-20_FC3
>Jan 20 21:32:45 Updated: dhclient.i386 7:3.0.1-30_FC3
>Jan 21 07:59:04 Updated: hal.i386 0.4.6-1.FC3
>
>And since then dhcp and named have been broken. The /var/log/messages
>has things like:
>   Jan 21 07:33:18 base kernel: audit(1106292798.847:0): avc:  denied
>{ read } for  pid=3391 exe=/usr/sbin/dhcpd name=dhcpd.leases dev=dm-0
>ino=189702 scontext=user_u:system_r:dhcpd_t
>tcontext=user_u:object_r:dhcp_state_t tclass=file
>Jan 21 07:33:18 base dhcpd: Can't open lease
>database /var/lib/dhcp/dhcpd.leases: Permission denied -
>
>But the selinux configuration from redhat-config-security doesn't even
>seem to mention dhcpd. Nb:
>
>Jan 18 07:00:48 Updated: libselinux.i386 1.19.1-8
>Jan 18 07:02:08 Updated: libselinux-devel.i386 1.19.1-8
>Jan 18 07:10:44 Updated: selinux-policy-targeted.noarch 1.17.30-2.72
>
>   Can anyone suggest how I get myself out?
>           Thank you,
>                 Bill
>
This is weird, it should be allowed.  Could you please try as root

make -C /etc/selinux/targeted/src/policy load
And then restart dhcpd and see if that fixes it?

Dan
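
The following is an added example, not part of the original thread: a small triage script that pulls AVC denials like the one quoted above out of /var/log/messages-style text and groups them by source type, target type and object class, so it is clear which domain is being denied what. The function names (`ctx_type`, `parse_avc`, `summarize`) are chosen for this example; the first sample record is the one from the thread with mail line wrapping undone, and the third is constructed.

```python
import re
from collections import defaultdict

# Record 1 and the dhcpd error are from the thread (mail wrapping undone);
# record 3 is constructed for illustration.
SAMPLE_LOG = """\
Jan 21 07:33:18 base kernel: audit(1106292798.847:0): avc:  denied  { read } for  pid=3391 exe=/usr/sbin/dhcpd name=dhcpd.leases dev=dm-0 ino=189702 scontext=user_u:system_r:dhcpd_t tcontext=user_u:object_r:dhcp_state_t tclass=file
Jan 21 07:33:18 base dhcpd: Can't open lease database /var/lib/dhcp/dhcpd.leases: Permission denied -
Jan 21 07:33:19 base kernel: audit(1106292799.102:0): avc:  denied  { read write } for  pid=3391 exe=/usr/sbin/dhcpd name=dhcpd.leases dev=dm-0 ino=189702 scontext=user_u:system_r:dhcpd_t tcontext=user_u:object_r:dhcp_state_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)

def ctx_type(context):
    """Return the type field of a user:role:type context, or '' if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # Everything after "for" is a run of key=value pairs.
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    rec["source_type"] = ctx_type(rec.get("scontext", ""))
    rec["target_type"] = ctx_type(rec.get("tcontext", ""))
    return rec

def summarize(log_text):
    """Group denials by (source type, target type, class), merging permissions."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source_type"], rec["target_type"], rec.get("tclass", ""))
            groups[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in groups.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt} [{cls}]: {' '.join(perms)}")
```
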



