Bug 175164 - dhclient / selinux avc: denied
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 4
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Reported: 2005-12-06 23:19 EST by p thompson
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-01-02 12:31:31 EST

Description p thompson 2005-12-06 23:19:44 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
I make use of the option in /sbin/dhclient-scripts for a /etc/dhclient-exit-hooks file, and I seem to get a lot of these while the exit hooks fail to run.
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.758:65): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.770:66): avc:  denied  { search } for  pid=1450 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.774:71): avc:  denied  { search } for  pid=1451 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.778:76): avc:  denied  { search } for  pid=1453 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.782:81): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.782:82): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.782:83): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.786:84): avc:  denied  { search } for  pid=1455 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.786:89): avc:  denied  { search } for  pid=1456 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.794:94): avc:  denied  { search } for  pid=1458 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.794:99): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.794:100): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.794:101): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.798:102): avc:  denied  { search } for  pid=1459 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.862:119): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:36 monotheletisia kernel: audit(1133928059.570:124): avc:  denied  { search } for  pid=1480 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:36 monotheletisia kernel: audit(1133928059.654:129): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:37 monotheletisia kernel: audit(1133928059.658:134): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:37 monotheletisia kernel: audit(1133928059.658:135): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:37 monotheletisia kernel: audit(1133928059.658:136): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:41 monotheletisia kernel: audit(1133928313.466:137): avc:  denied  { write } for  pid=1966 comm="dhclient-script" name="resolv.conf" dev=sdg2 ino=539441 scontext=system_u:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
Dec  6 22:05:41 monotheletisia kernel: audit(1133928313.466:138): avc:  denied  { write } for  pid=1966 comm="dhclient-script" name="resolv.conf" dev=sdg2 ino=539441 scontext=system_u:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.1-2.16

How reproducible:
Always

Steps to Reproduce:
1. operate dhclient

Additional info:

ls -Z /etc/dhclient-exit-hooks /sbin/dhclient-script /root/dhmail.pl
-rwxr-xr-x  root     root     system_u:object_r:dhcpc_exec_t   /etc/dhclient-exit-hooks
-rwxrwxr-x  root     thompson system_u:object_r:dhcpc_exec_t   /root/dhmail.pl
-rwxr-xr-x  root     root     system_u:object_r:dhcpc_exec_t   /sbin/dhclient-script
-rw-r--r--  root     root     system_u:object_r:net_conf_t     /etc/resolv.conf

I just changed the owner of dhmail.pl to root, I will see if that helps anything.
Comment 1 Daniel Walsh 2005-12-07 12:14:47 EST
Your /usr partition is mislabeled.  Please
touch /.autorelabel
reboot
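
The following triage helper is an added example, not part of the bug report or of Daniel Walsh's reply: it parses AVC denial lines in the format quoted above, collapses repeats, and flags targets typed file_t, the type SELinux gives to files that have no label on disk and the sign of a filesystem that needs relabeling. The sample log is constructed, and the function names and the inclusion of unlabeled_t are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the kernel log lines quoted in the report.
SAMPLE_LOG = """\
Dec  6 22:05:33 host kernel: audit(1133928058.758:65): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 host kernel: audit(1133928058.770:66): avc:  denied  { search } for  pid=1450 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 host kernel: eth0: link up
Dec  6 22:05:41 host kernel: audit(1133928313.466:137): avc:  denied  { write } for  pid=1966 comm="dhclient-script" name="resolv.conf" dev=sdg2 ino=539441 scontext=system_u:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Types SELinux gives to objects that carry no valid label on disk (assumed set).
NO_LABEL_TYPES = {"file_t", "unlabeled_t"}


def context_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one log line; return a denial key tuple or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    src, tgt = context_type(f.get("scontext", "")), context_type(f.get("tcontext", ""))
    if not (src and tgt and "tclass" in f):
        return None
    return (src, tgt, f["tclass"], m.group("perms"), f.get("name", "?"))


def summarize(log_text):
    """Collapse repeated denials and flag the ones whose target has no label."""
    counts = Counter(k for k in map(parse_avc, log_text.splitlines()) if k)
    return [
        {"source": s, "target": t, "class": c, "perms": p, "name": n,
         "count": cnt, "needs_relabel": t in NO_LABEL_TYPES}
        for (s, t, c, p, n), cnt in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        hint = "relabel filesystem" if row["needs_relabel"] else "labeled target, review label/policy"
        print(f'{row["count"]:>3}x {row["source"]} -> {row["target"]}:{row["class"]} '
              f'{{ {row["perms"]} }} name={row["name"]}  [{hint}]')
```

Rows flagged for relabeling point at the filesystem, not the policy module, so writing a local allow rule for them would mask the missing labels instead of fixing them.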
