Bug 1256355 - dhcrelay kmod=net-pf-10 denied by selinux
Summary: dhcrelay kmod=net-pf-10 denied by selinux
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: dhcp
Version: 23
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Jiri Popelka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-24 12:11 UTC by Andrew Peek
Modified: 2015-08-24 13:42 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-24 13:30:40 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Andrew Peek 2015-08-24 12:11:16 UTC 
Description of problem: Dhcrelay module kmod=net-pf-10 is denied by selinux after fresh install of dhcp-relay on Fe23. Audit.log message,

type=AVC msg=audit(1440417049.270:90): avc:  denied  { module_request } for  pid=798 comm="dhcrelay" kmod="net-pf-10" scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0

Requires selinux override to enable dhcrelay to function correctly,

grep dhcrelay /var/log/audit/audit.log | audit2allow -m dhcrelaylocal - gives,

module dhcrelaylocal 1.0;

require {
	type dhcpd_t;
	type kernel_t;
	class system module_request;
}

#============= dhcpd_t ==============

#!!!! This avc can be allowed using the boolean 'domain_kernel_load_modules'
allow dhcpd_t kernel_t:system module_request;


Version-Release number of selected component (if applicable): 4.3.3-0.1b1.fc23
Comment 1 Jiri Popelka 2015-08-24 13:30:40 UTC 
Google suggests:
http://danwalsh.livejournal.com/47118.html
https://bugzilla.redhat.com/show_bug.cgi?id=641836
Comment 2 Andrew Peek 2015-08-24 13:42:13 UTC 
Thanks for response. Ok so its caused by IPV6 being disabled (disabled via GRUB_CMDLINE_LINUX="ipv6.disable=1").
Note You need to log in before you can comment on or make changes to this bug.