Bug 477078 - SELinux is preventing dhclient (dhcpc_t) "read write" unconfined_t.
SELinux is preventing dhclient (dhcpc_t) "read write" unconfined_t.
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: dhcp (Show other bugs)
10
i386 Linux
low Severity urgent
: ---
: ---
Assigned To: David Cantrell
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-18 19:00 EST by Chris
Modified: 2009-01-08 13:38 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-08 13:38:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris 2008-12-18 19:00:15 EST
Description of problem:

[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]SELinux denied access requested by dhclient. It is not expected that this access is required by dhclient and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 
(BTW the above is a copy of the setroubleshoot-message)

Version-Release number of selected component (if applicable):


How reproducible:
Install Fedora 10 (network installation on i386 with 1 wired ethernet card (e100) and 1 wireless network card (Ralink 2500 pci, kernel module rt2500pci)). Since installation only succeeds "the wired way", i.e. intel e100, after completion of the installation, reboot etc. the wireless card is not able to connect to a wireless router. The router is unable to assign an IP (ipv4) address to the wireless card, I guess as a result of the interference of SELINUX (though I am not absolutely sure). 

I may not be in any position of giving you development team advices, but doing so anyway: Please get rid of this SELINUX thing, since the way it enforces security is by making people not using linux at all. (i've had nothing but trouble with this unasked-for showstopper). My statement: increase linux market-share to levels beyond MS-W by simply taking out the incredibly user-scary SELINUX monster. Fedora 10 really would have been brilliant as compared to certain German and French competitors, hadn't it given such emphasis on SE......


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 David Cantrell 2008-12-18 20:01:52 EST
I have released a number of updates to dhcp in F-10 to fix SELinux problems.  Can you give me the nvr of the dhcp or dhclient package you're using now?

rpm -qa | grep dhcp
Comment 2 David Cantrell 2009-01-08 13:38:28 EST
An update for this problem has been released for F-10.  Without knowing the nvr of the package you are using, I cannot investigate further.

Note You need to log in before you can comment on or make changes to this bug.