Summary: SELinux is preventing dhclient (dhcpc_t) "write" to ./dhclient-eth0.pid (var_run_t). Detailed Description: SELinux is preventing dhclient (dhcpc_t) "write" to ./dhclient-eth0.pid (var_run_t). The SELinux type var_run_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (./dhclient-eth0.pid) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v './dhclient-eth0.pid'. If the file context does not change from var_run_t, then this is probably a bug in policy. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policy package. If it does change, you can try your application again to see if it works. The file context could have been mislabeled by editing the file or moving the file from a different directory, if the file keeps getting mislabeled, check the init scripts to see if they are doing something to mislabel the file. Allowing Access: You can attempt to fix file context by executing restorecon -v './dhclient-eth0.pid' Fix Command: restorecon './dhclient-eth0.pid' Additional Information: Source Context system_u:system_r:dhcpc_t:s0 Target Context unconfined_u:object_r:var_run_t:s0 Target Objects ./dhclient-eth0.pid [ file ] Source dhclient Source Path /sbin/dhclient Port <Unknown> Host localhost.localdomain Source RPM Packages dhclient-4.0.0-14.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-42.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name mislabeled_file Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.25-14.fc9.x86_64 #1 SMP Thu May 1 06:06:21 EDT 2008 x86_64 x86_64 Alert Count 3 First Seen Sat 26 Jul 2008 08:16:34 PM EDT Last Seen Sat 26 Jul 2008 08:25:03 PM EDT Local ID c00492f3-e54b-4900-8ebc-3768c488e04e Line Numbers Raw Audit Messages host=localhost.localdomain type=AVC msg=audit(1217118303.22:321): avc: denied { write } for pid=18979 comm="dhclient" name="dhclient-eth0.pid" dev=dm-0 ino=14631058 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file host=localhost.localdomain type=SYSCALL msg=audit(1217118303.22:321): arch=c000003e syscall=2 success=no exit=-13 a0=7fff8a422e9d a1=241 a2=1a4 a3=4000 items=0 ppid=1 pid=18979 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dhclient" exe="/sbin/dhclient" subj=system_u:system_r:dhcpc_t:s0 key=(null) When i do what it tells me to do which is this command is gives me this error aftwords even in root. " [root@localhost sbin]# restorecon -v './dhclient-eth0.pid' restorecon: stat error on ./dhclient-eth0.pid: No such file or directory [root@localhost sbin]# " As for a fix i have no idea how to fix this. If you can figure this out for me give me a reply by email draxima thanks.
Please yum update selinux-policy-targeted