Bug 1047072 - cobbler denied search on dhcp_etc_t
Summary: cobbler denied search on dhcp_etc_t
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 20
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2013-12-28 20:13 UTC by Pete Travis
Modified: 2014-01-16 07:12 UTC (History)
4 users (show)

Fixed In Version: selinux-policy-3.12.1-116.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-01-16 07:12:08 UTC
Type: Bug

Attachments (Terms of Use)

Description Pete Travis 2013-12-28 20:13:06 UTC
Per `man 8 cobbler_selinux` I expect cobbler to be able to manage dhcp configurations without manual policy adjustment. However, after setting cobbler to manage dhcp, I see this:

type=AVC msg=audit(1388259039.970:1931): avc:  denied  { search } for    pid=26273 comm="cobblerd" name="dhcp" dev="dm-1" ino=2228722 scontext=system_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:dhcp_etc_t:s0 tclass=dir

        Was caused by:
                Missing type enforcement (TE) allow rule.

                You can use audit2allow to generate a loadable module to allow this access.

Comment 1 Daniel Walsh 2014-01-03 18:40:57 UTC
59a587b209a152b8d45fb1396dfd7a0e2efd93a7 fixes this in git.

Comment 2 Lukas Vrabec 2014-01-04 00:15:42 UTC
back ported.

Comment 3 Fedora Update System 2014-01-13 22:57:36 UTC
selinux-policy-3.12.1-116.fc20 has been submitted as an update for Fedora 20.

Comment 4 Fedora Update System 2014-01-15 05:59:05 UTC
Package selinux-policy-3.12.1-116.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-116.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2014-01-16 07:12:08 UTC
selinux-policy-3.12.1-116.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.