Bug 209853

Summary: network root leads to SELinux avc from dhclient-leases file
Product: [Fedora] Fedora Reporter: Jeremy Katz <katzj>
Component: initscriptsAssignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: dwalsh, markmc, rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 8.45.1-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-10-09 17:37:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 150224    

Description Jeremy Katz 2006-10-06 22:23:00 UTC 
When we're doing a boot from NFS or iscsi, we copy the dhclient lease to /dev in
the initrd.  That then gets copied later in ifup-eth from /dev ->
/var/lib/dhclient.  When dhclient then tries to access it, it's unable to as the
file is labeled device_t instead of dhcpc_state_t.

Should we restorecon when we do that move?
Comment 1 Bill Nottingham 2006-10-07 00:38:53 UTC 
Yeah, we probably should.
Comment 3 Daniel Walsh 2006-10-07 10:30:55 UTC 
If you use install instead of mv, you get this for free.
Comment 4 Jeremy Katz 2006-10-09 14:30:20 UTC 
Manually tested on my iscsi guest and it works fine.
Comment 5 Bill Nottingham 2006-10-09 17:37:24 UTC 
Building as 8.45.1-1.