Bug 160430 - dhcpd is blocked
Summary: dhcpd is blocked
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-15 02:53 UTC by Florin Andrei
Modified: 2007-11-30 22:11 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-19 17:28:24 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
correction /etc/selinux/targeted/src/policy/types/network.te (476 bytes, patch)
2005-06-17 09:09 UTC, Stanislav Polasek 		no flags Details | Diff
/etc/selinux/targeted/src/policy/types/network.te (476 bytes, patch)
2005-06-17 09:16 UTC, Stanislav Polasek 		no flags Details | Diff
Show Obsolete (1) View All

Description Florin Andrei 2005-06-15 02:53:11 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Can't run dhcpd with valid config file. SELinux blocks it:

type=AVC msg=audit(1118774433.422:183565): avc:  denied  { name_bind } for  pid=2125 comm="dhcpd" src=67 scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket
type=SYSCALL msg=audit(1118774433.422:183565): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfbb8fc0 a2=95ea04 a3=6 items=0 pid=2125 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="dhcpd" exe="/usr/sbin/dhcpd"
type=SOCKADDR msg=audit(1118774433.422:183565): saddr=02000043000000000000000000000000
type=SOCKETCALL msg=audit(1118774433.422:183565): nargs=3 a0=6 a1=bfbb8fe8 a2=10

Here's the config file:

subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.200 192.168.1.250;
        default-lease-time 86400;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option routers 192.168.1.254;
        option domain-name-servers 192.168.1.120;
        option domain-name "XXXXXXX.YYYYYYY";
        option netbios-name-servers 192.168.1.120;
        ping-check true;
}
authoritative;
ddns-update-style ad-hoc;


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.16-6

How reproducible:
Always

Steps to Reproduce:
1. see above
2.
3.
  

Actual Results:  dhcpd is denied access to the interface

Expected Results:  well duh

Additional info:
Comment 1 You 2005-06-16 12:51:08 UTC 
I also have same problem. (so I guess this is a confirm).
My Details:

Try to connect to eth0 through 'USB CDC Ether'.

With selinux on no conncetion is made. Turning selinux off allows dhcp to
connect to the internet. (NTL cable modem in the UK).
Comment 2 Stanislav Polasek 2005-06-17 09:09:42 UTC 
Created attachment 115598 [details]
correction /etc/selinux/targeted/src/policy/types/network.te

Please try the patch, it works for me.
Comment 3 Stanislav Polasek 2005-06-17 09:16:11 UTC 
Created attachment 115600 [details]
/etc/selinux/targeted/src/policy/types/network.te

Sorry, thi is the correct one.
Comment 4 Nerijus Baliūnas 2005-06-17 15:11:24 UTC 
Bugs 159378 and 160790 are duplicates of this. It seems it is worth to try to
restart all important services before releasing new selinux-policy-targeted package.
Comment 5 Daniel Walsh 2005-07-11 18:44:46 UTC 
Fixed in selinux-policy-targeted-1.25.1-7
Comment 6 Ville Skyttä 2005-07-19 16:00:05 UTC 
Updating seems to have fixed the problems here.
Note You need to log in before you can comment on or make changes to this bug.