Red Hat Bugzilla – Bug 147926
dhclient-script creates new conf files with wrong selinux label
Last modified: 2007-11-30 17:11:00 EST
Description of problem: The dhclient-script creates a number of conf files from scratch after moving exsting files aside. This has the problem that the SELinux context is wrong for the new files. The result is that programs like ypbind cannot read the files. Version-Release number of selected component (if applicable): dhclient-3.0.2rc3-3 How reproducible: always Steps to Reproduce: 1.define nis-domain and nis-servers in dhcp on server 2.start machine which uses that dhcp server 3.start ypbind on the client machine Actual results: ybind fails because it cannot read /etc/yp.conf Expected results: all works as expects Additional info: I'll attach a patch which works for me.
Created attachment 111032 [details] add chcon calls
Thanks - I have SELinux enabled on my FC3 & RHEL-4 test systems, not on my FC4 test system - this will now change. I'll make changes to restore the file contexts of configuration files changed by dhclient-script as you suggest, but we can't assume that /usr has been mounted when this script is run, so I'll use /sbin/restorecon instead of /usr/bin/chcon . Also, we can't assume the *.predhclient files have the correct context to start with, nor that when dhclient is run, the selinux policy has yet been configured, so after changing /etc/yp.conf, for example, I'll do: [ -x /sbin/restorecon ] && /sbin/restorecon /etc/yp.conf >/dev/null 2>&1
This bug is now fixed in dhcp-3.0.1-40_FC3 / dhcp-3.0.2-2 (FC4).