Bug 740658

Summary: dhcp can't write ldap debug file
Product: [Fedora] Fedora
Reporter: Julian RY <jrendony>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 15
CC: dominick.grift, dwalsh, mgrepl
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-09-23 13:32:30 UTC

Description Julian RY 2011-09-22 20:42:25 UTC
Description of problem:
Dhcp process is unable to write ldap-debug-file.


Version-Release number of selected component (if applicable):
dhcp-4.2.1-10.P1


Steps to Reproduce:
1. Configure dhcpd.conf for ldap and define ldap-debug-file to any file in /var/log (even somewhere else). As an example here, file will be /var/log/dhcp-ldap-startup.log
2. Start/Restart dhcpd service
3. Notice the error in /var/log/messages: DATE HOUR SERVER dhcpd: Error opening debug LDAP log file /var/log/dhcp-ldap-startup.log: Permission denied

  
Actual results:


Expected results:


Additional info:

Comment 1 Julian RY 2011-09-23 11:43:14 UTC
I forgot to mention that this only happens with selinux in enforcing mode. When selinux is disabled or in permissive state, the file can be written.

Comment 2 Daniel Walsh 2011-09-23 12:55:59 UTC
We have a type slapd_log_t that you can assign to this file and SELinux will allow ldap to write the file.


semanage fcontext -a -t dhcp_log_t /var/log/dhcp-ldap-startup.log
restorecon /var/log/dhcp-ldap-startup.log

Comment 3 Daniel Walsh 2011-09-23 13:32:30 UTC
If you have a script that creates the file on boot, you would probably need to add a restorecon to it.
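
One way to confirm that the "Permission denied" in /var/log/messages is an SELinux denial before relabelling the file is to pull dhcpd's AVC records out of the audit log. This is an added example, not part of the bug thread or of any project's code: the function names and output format are made up here, the audit records are constructed, and the types dhcpd_t and var_log_t in them are assumptions about the default policy.

```shell
#!/bin/sh
# Constructed audit records for illustration (not taken from the bug report).
sample_audit_lines() {
    cat <<'EOF'
type=AVC msg=audit(1316724145.101:311): avc:  denied  { write } for  pid=2301 comm="dhcpd" name="dhcp-ldap-startup.log" dev=dm-0 ino=394 scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1316724150.220:312): avc:  denied  { read } for  pid=2410 comm="httpd" name="index.html" dev=dm-0 ino=512 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1316724145.101:311): arch=c000003e syscall=2 success=no exit=-13 comm="dhcpd" exe="/usr/sbin/dhcpd"
EOF
}

# Read audit records on stdin and print one line per AVC denial raised by
# dhcpd, as: permissions|file name|target type|object class.
# The target type is the label the file currently carries; if it is not a
# type dhcpd may write to, the file needs relabelling as in Comment 2.
dhcpd_avc_denials() {
    awk '
    /type=AVC/ && /denied/ && /comm="dhcpd"/ {
        perms = ""; name = ""; ttype = ""; tclass = ""
        # Denied permissions sit between the braces: { write }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
            # tcontext=user:role:type:level -> third field is the type
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        print perms "|" name "|" ttype "|" tclass
    }'
}

# Demo on the constructed records; on a real host feed it the audit log:
#   dhcpd_avc_denials < /var/log/audit/audit.log
sample_audit_lines | dhcpd_avc_denials
```

After relabelling and restarting dhcpd, no new line for the debug file should appear in this output.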