Bug 488864
Summary: | selinux is preventing ntpd access to /etc/ntp.conf | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Cantrell <dcantrell> |
Component: | dhcp | Assignee: | David Cantrell <dcantrell> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dcantrell, dwalsh, jkubin, mgrepl, mlichvar, pertusus, quentin, wwoods |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 488470 | Environment: | |
Last Closed: | 2009-03-11 19:14:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 488470 | ||
Bug Blocks: |
Description
David Cantrell
2009-03-06 00:49:12 UTC
Is this something that needs to be fixed in ntp package? The /etc/dhcp/dhclient.d/ntp.sh script calls restorecon. Anyway, /sbin/dhclient-script needs the following patch to actually call the functions from the ntp script. @@ -364,7 +364,9 @@ for f in /etc/dhcp/dhclient.d/*.sh ; do if [ -x ${f} ]; then subsystem="${f%.sh}" - . ${f} "${subsystem}_config" + subsystem="${subsystem##*/}" + . ${f} + "${subsystem}_config" fi done fi @@ -490,7 +492,9 @@ for f in /etc/dhcp/dhclient.d/*.sh ; do if [ -x ${f} ]; then subsystem="${f%.sh}" - . ${f} "${subsystem}_restore" + subsystem="${subsystem##*/}" + . ${f} + "${subsystem}_restore" fi done fi (In reply to comment #1) > Is this something that needs to be fixed in ntp package? The > /etc/dhcp/dhclient.d/ntp.sh script calls restorecon. No, you don't need to change anything in ntp.sh if it calls restorecon already. I created this bug so you'd check ntp.sh and change it if necessary. > Anyway, /sbin/dhclient-script needs the following patch to actually call the > functions from the ntp script. > > @@ -364,7 +364,9 @@ > for f in /etc/dhcp/dhclient.d/*.sh ; do > if [ -x ${f} ]; then > subsystem="${f%.sh}" > - . ${f} "${subsystem}_config" > + subsystem="${subsystem##*/}" > + . ${f} > + "${subsystem}_config" > fi > done > fi > @@ -490,7 +492,9 @@ > for f in /etc/dhcp/dhclient.d/*.sh ; do > if [ -x ${f} ]; then > subsystem="${f%.sh}" > - . ${f} "${subsystem}_restore" > + subsystem="${subsystem##*/}" > + . ${f} > + "${subsystem}_restore" > fi > done > fi The following line: subsystem="${f%.sh}" Does the same as: subsystem="${subsystem##*/}" The '.' and call to the config and restore functions are on the same line in the current script, but you break it out in to separate lines. Does this matter? Correction, subsystem="${f%.sh}" Gives $subsystem "ntp" as the value. Why do I need: subsystem="${subsystem##*/}" ? %.sh removes only the .sh suffix, ##*/ will remove /etc/dhcp/dhclient.d/ from the beginning. Using subsystem=$(basename "$f" .sh) should do the same. As for the . command, I'm not sure what exactly is the syntax, but it doesn't work for me without the patch. Thanks for the clarification. Fixed in dhcp-4.1.0-12.fc11 |