Bug 477078

Summary: SELinux is preventing dhclient (dhcpc_t) "read write" unconfined_t.
Product: [Fedora] Fedora Reporter: Chris <c_saris>
Component: dhcpAssignee: David Cantrell <dcantrell>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: low    
Version: 10CC: dcantrell, wwoods
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-08 18:38:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris 2008-12-19 00:00:15 UTC 
Description of problem:

[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]SELinux denied access requested by dhclient. It is not expected that this access is required by dhclient and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 
(BTW the above is a copy of the setroubleshoot-message)

Version-Release number of selected component (if applicable):


How reproducible:
Install Fedora 10 (network installation on i386 with 1 wired ethernet card (e100) and 1 wireless network card (Ralink 2500 pci, kernel module rt2500pci)). Since installation only succeeds "the wired way", i.e. intel e100, after completion of the installation, reboot etc. the wireless card is not able to connect to a wireless router. The router is unable to assign an IP (ipv4) address to the wireless card, I guess as a result of the interference of SELINUX (though I am not absolutely sure). 

I may not be in any position of giving you development team advices, but doing so anyway: Please get rid of this SELINUX thing, since the way it enforces security is by making people not using linux at all. (i've had nothing but trouble with this unasked-for showstopper). My statement: increase linux market-share to levels beyond MS-W by simply taking out the incredibly user-scary SELINUX monster. Fedora 10 really would have been brilliant as compared to certain German and French competitors, hadn't it given such emphasis on SE......


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 David Cantrell 2008-12-19 01:01:52 UTC 
I have released a number of updates to dhcp in F-10 to fix SELinux problems.  Can you give me the nvr of the dhcp or dhclient package you're using now?

rpm -qa | grep dhcp
Comment 2 David Cantrell 2009-01-08 18:38:28 UTC 
An update for this problem has been released for F-10.  Without knowing the nvr of the package you are using, I cannot investigate further.