1067142 – Ownership of /var/lib/dhcpd/dhcpd.leases reverts to root:root on every dhcpd start

Bug 1067142 - Ownership of /var/lib/dhcpd/dhcpd.leases reverts to root:root on every dhcpd start

Summary: Ownership of /var/lib/dhcpd/dhcpd.leases reverts to root:root on every dhcpd ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	dhcp
Sub Component:
Version:	6.6
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Jiri Popelka
QA Contact:	Release Test Team
Docs Contact:
URL:
Whiteboard:
Depends On:	1082640
Blocks:
TreeView+	depends on / blocked

Reported:	2014-02-19 19:27 UTC by Avram Lubkin
Modified:	2014-10-14 04:31 UTC (History)
CC List:	4 users (show)
Fixed In Version:	dhcp-4.1.1-41.P1.el6
Doc Type:	Bug Fix
Doc Text:	Cause: Everytime when dhcpd starts. Consequence: Ownership of /var/lib/dhcpd/dhcpd.leases file is changed from dhcpd:dhcpd to root:root. Fix: Patch was back-ported from Fedora. Result: Ownership of /var/lib/dhcpd/dhcpd.leases file is not changed.
Clone Of:
Environment:
Last Closed:	2014-10-14 04:31:39 UTC
Target Upstream Version:

Attachments	(Terms of Use)
DHCP Paranoia Patch (3.23 KB, patch) 2014-02-19 19:27 UTC, Avram Lubkin	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:1406	0	normal	SHIPPED_LIVE	dhcp bug fix update	2014-10-14 00:54:57 UTC

Description Avram Lubkin 2014-02-19 19:27:24 UTC

Created attachment 865188 [details]
DHCP Paranoia Patch

Description of problem:

On ever start, dhcpd reverts ownership of /var/lib/dhcpd/dhcpd.leases to root:root, where it should be dhcpd:dhcpd

This was a bug in Fedora 16, bug 837474
And Fedora 17, bug 866714

Version-Release number of selected component (if applicable):

dhcp-4.1.1-39.P1.el6

How reproducible:

Always

Steps to Reproduce:
1. Restart dhcpd service
2. Check ownership of /var/lib/dhcpd/dhcpd.leases

Actual results:
root:root

Expected results:
dhcpd:dhcpd

Additional info:

I've attached a patch based on the Fedora version.
http://pkgs.fedoraproject.org/cgit/dhcp.git/tree/dhcp-paranoia.patch

The patch includes all the code fixes, but doesn't include the man page updates.

After building and installing, it seemed to test fine except for an AVC denial preventing chown operation. The following rule fixed this issue:

allow dhcpd_t self:capability chown;

Comment 2 Jaromír Končický 2014-04-03 12:21:28 UTC

cvs-commit http://bulk-mail.corp.redhat.com/archives/cvs-commits-list/2014-April/msg01424.html

Comment 4 jhb 2014-06-10 15:04:24 UTC

The patch fixed this issue for us.

Comment 5 Alexander Todorov 2014-09-05 14:24:27 UTC

After restart:

# ls -lZ /var/lib/dhcpd/dhcpd.leases 
-rw-r--r--. dhcpd dhcpd unconfined_u:object_r:dhcpd_state_t:s0 /var/lib/dhcpd/dhcpd.leases

Tested with dhcp-4.1.1-43.P1.el6.x86_64

Comment 7 errata-xmlrpc 2014-10-14 04:31:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1406.html

Note You need to log in before you can comment on or make changes to this bug.