Bug 1256355 - dhcrelay kmod=net-pf-10 denied by selinux
dhcrelay kmod=net-pf-10 denied by selinux
Product: Fedora
Classification: Fedora
Component: dhcp (Show other bugs)
x86_64 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Jiri Popelka
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-08-24 08:11 EDT by Andrew Peek
Modified: 2015-08-24 09:42 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-08-24 09:30:40 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrew Peek 2015-08-24 08:11:16 EDT
Description of problem: Dhcrelay module kmod=net-pf-10 is denied by selinux after fresh install of dhcp-relay on Fe23. Audit.log message,

type=AVC msg=audit(1440417049.270:90): avc:  denied  { module_request } for  pid=798 comm="dhcrelay" kmod="net-pf-10" scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0

Requires selinux override to enable dhcrelay to function correctly,

grep dhcrelay /var/log/audit/audit.log | audit2allow -m dhcrelaylocal - gives,

module dhcrelaylocal 1.0;

require {
	type dhcpd_t;
	type kernel_t;
	class system module_request;

#============= dhcpd_t ==============

#!!!! This avc can be allowed using the boolean 'domain_kernel_load_modules'
allow dhcpd_t kernel_t:system module_request;

Version-Release number of selected component (if applicable): 4.3.3-0.1b1.fc23
Comment 2 Andrew Peek 2015-08-24 09:42:13 EDT
Thanks for response. Ok so its caused by IPV6 being disabled (disabled via GRUB_CMDLINE_LINUX="ipv6.disable=1").

Note You need to log in before you can comment on or make changes to this bug.