Bug 147926

Summary: dhclient-script creates new conf files with wrong selinux label
Product: [Fedora] Fedora Reporter: Ulrich Drepper <drepper>
Component: dhcpAssignee: Jason Vas Dias <jvdias>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: sundaram
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-04 23:54:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
add chcon calls none

Description Ulrich Drepper 2005-02-13 01:26:26 UTC 
Description of problem:
The dhclient-script creates a number of conf files from scratch after moving
exsting files aside.  This has the problem that the SELinux context is wrong for
the new files.  The result is that programs like ypbind cannot read the files.

Version-Release number of selected component (if applicable):
dhclient-3.0.2rc3-3

How reproducible:
always

Steps to Reproduce:
1.define nis-domain and nis-servers in dhcp on server
2.start machine which uses that dhcp server
3.start ypbind on the client machine
  
Actual results:
ybind fails because it cannot read /etc/yp.conf

Expected results:
all works as expects

Additional info:
I'll attach a patch which works for me.
Comment 1 Ulrich Drepper 2005-02-13 01:26:26 UTC 
Created attachment 111032 [details]
add chcon calls
Comment 2 Jason Vas Dias 2005-02-13 19:20:31 UTC 
Thanks - I have SELinux enabled on my FC3 & RHEL-4
test systems, not on my FC4 test system - this will
now change. 
I'll make changes to restore the file contexts of 
configuration files changed by dhclient-script as you
suggest, but we can't assume that /usr has been mounted
when this script is run, so I'll use /sbin/restorecon
instead of /usr/bin/chcon . Also, we can't assume 
the *.predhclient files have the correct context to 
start with, nor that when dhclient is run, the selinux
policy has yet been configured, so after changing /etc/yp.conf, 
for example, I'll do: 
  [ -x /sbin/restorecon ] && /sbin/restorecon /etc/yp.conf >/dev/null
2>&1
Comment 3 Jason Vas Dias 2005-02-25 20:02:40 UTC 
This bug is now fixed in dhcp-3.0.1-40_FC3 / dhcp-3.0.2-2 (FC4).