Bug 160430 - dhcpd is blocked
dhcpd is blocked
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-14 22:53 EDT by Florin Andrei
Modified: 2007-11-30 17:11 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-19 13:28:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
correction /etc/selinux/targeted/src/policy/types/network.te (476 bytes, patch)
2005-06-17 05:09 EDT, Stanislav Polasek
no flags Details | Diff
/etc/selinux/targeted/src/policy/types/network.te (476 bytes, patch)
2005-06-17 05:16 EDT, Stanislav Polasek
no flags Details | Diff

  None (edit)
Description Florin Andrei 2005-06-14 22:53:11 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Can't run dhcpd with valid config file. SELinux blocks it:

type=AVC msg=audit(1118774433.422:183565): avc:  denied  { name_bind } for  pid=2125 comm="dhcpd" src=67 scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket
type=SYSCALL msg=audit(1118774433.422:183565): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfbb8fc0 a2=95ea04 a3=6 items=0 pid=2125 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="dhcpd" exe="/usr/sbin/dhcpd"
type=SOCKADDR msg=audit(1118774433.422:183565): saddr=02000043000000000000000000000000
type=SOCKETCALL msg=audit(1118774433.422:183565): nargs=3 a0=6 a1=bfbb8fe8 a2=10

Here's the config file:

subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.200 192.168.1.250;
        default-lease-time 86400;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option routers 192.168.1.254;
        option domain-name-servers 192.168.1.120;
        option domain-name "XXXXXXX.YYYYYYY";
        option netbios-name-servers 192.168.1.120;
        ping-check true;
}
authoritative;
ddns-update-style ad-hoc;


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.16-6

How reproducible:
Always

Steps to Reproduce:
1. see above
2.
3.
  

Actual Results:  dhcpd is denied access to the interface

Expected Results:  well duh

Additional info:
Comment 1 You 2005-06-16 08:51:08 EDT
I also have same problem. (so I guess this is a confirm).
My Details:

Try to connect to eth0 through 'USB CDC Ether'.

With selinux on no conncetion is made. Turning selinux off allows dhcp to
connect to the internet. (NTL cable modem in the UK).
Comment 2 Stanislav Polasek 2005-06-17 05:09:42 EDT
Created attachment 115598 [details]
correction /etc/selinux/targeted/src/policy/types/network.te

Please try the patch, it works for me.
Comment 3 Stanislav Polasek 2005-06-17 05:16:11 EDT
Created attachment 115600 [details]
/etc/selinux/targeted/src/policy/types/network.te

Sorry, thi is the correct one.
Comment 4 Nerijus Baliūnas 2005-06-17 11:11:24 EDT
Bugs 159378 and 160790 are duplicates of this. It seems it is worth to try to
restart all important services before releasing new selinux-policy-targeted package.
Comment 5 Daniel Walsh 2005-07-11 14:44:46 EDT
Fixed in selinux-policy-targeted-1.25.1-7
Comment 6 Ville Skyttä 2005-07-19 12:00:05 EDT
Updating seems to have fixed the problems here. 

Note You need to log in before you can comment on or make changes to this bug.