Red Hat Bugzilla – Bug 243778
Doesn't allow ifdown to signal dhclient
Last modified: 2014-03-16 23:07:20 EDT
Description of problem:
SELinux is preventing ifdown-eth (udev_t) "signal" to (dhcpc_t).
SELinux denied access requested by ifdown-eth. It is not expected that this
access is required by ifdown-eth and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
a) it needs to allow this as-is
b) udev needs to transition to the proper domain when calling ifdown
Version-Release number of selected component (if applicable):
Fixed in selinux-policy-2.6.4-15
Why does udev do this and not hal?
It's just the way it's always been done, I suppose. The 'ifup' bits seem to work
Closing as fixes are in the current release