Ahoj,
zkousim si doma postavit sit a narazil sem na problem s kterym nedokazu pohnout. Nastavil sem si DHCP server a chci ho spustit
service dhcpd start
Starting dhcpd: [FAILED]
a vyskoci okno setroubleshoot browseru
SELinux is preventing dhcpd (dhcpd_t) “read write” unconfined_t.
No to me trosku znejistelo, ale v akcnim duchu jsem si rikal, ze budu postupovat podle navodu nize “You can generate a local policy module to allow this access - see FAQ”. Jenze asi je neco “jinak” a postup
audit2allow -m dhcpd_t -l -i /var/log/messages > mydhcpd_t.te
nic kloudneho neprinesl.
Jal sem se teda googlit s domenim, ze tento problem urcite uz nekdo resil. Ale pan google nic vic neporadil, ze by nikdo nemel podobny problem?
Urcite mi jako prvni rada poradite “Tak si vypni SELinux a bude ti to fungovat”. To je sice pravda, ale je to takove polovicate reseni, se SELinuxem sem zadny problem az doted nemel a vsechno je jenom o nastaveni a to je podstata tohoto problem, jak a kde co nastavit aby byl SELinux spokojenej a pustil dhcpd?
Kompletni vypis SELinux hlaseni
Summary:
SELinux is preventing dhcpd (dhcpd_t) “read write” unconfined_t.
Detailed Description:
SELinux denied access requested by dhcpd. It is not expected that this access is
required by dhcpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context unconfined_u:system_r:dhcpd_t:s0
Target Context unconfined_u:unconfined_r:unconfined_t:s0
Target Objects socket [ unix_stream_socket ]
Source dhcpd
Source Path /usr/sbin/dhcpd
Port
Host kulisek
Source RPM Packages dhcp-4.0.0-33.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-34.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name kulisek
Platform Linux kulisek 2.6.27.7-134.fc10.i686 #1 SMP Mon
Dec 1 22:42:50 EST 2008 i686 i686
Alert Count 6
First Seen Sat 20 Dec 2008 11:38:15 AM CET
Last Seen Sat 20 Dec 2008 01:28:56 PM CET
Local ID 6354cf35-01af-4902-967d-55d139d18d32
Line Numbers
Raw Audit Messages
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11162]” dev=sockfs ino=11162 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=AVC msg=audit(1229776136.577:15): avc: denied { read write } for pid=3193 comm=“dhcpd” path=“socket:[11086]” dev=sockfs ino=11086 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=kulisek type=SYSCALL msg=audit(1229776136.577:15): arch=40000003 syscall=11 success=yes exit=0 a0=8a537d8 a1=8a52e70 a2=8a53bd8 a3=0 items=0 ppid=3192 pid=3193 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm=“dhcpd” exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)