Bug 740658 - dhcp can't write ldap debug file
Summary: dhcp can't write ldap debug file
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 15
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-22 20:42 UTC by Julian RY
Modified: 2011-09-23 13:32 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-23 13:32:30 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Julian RY 2011-09-22 20:42:25 UTC 
Description of problem:
Dhcp process is unable to write ldap-debug-file.


Version-Release number of selected component (if applicable):
dhcp-4.2.1-10.P1


Steps to Reproduce:
1. Configure dhcpd.conf for ldap and define ldap-debug-file to any file in /var/log (even somewhere else). As an example here, file will be /var/log/dhcp-ldap-startup.log
2. Start/Restart dhcpd service
3. Notice the error in /var/log/messages: DATE HOUR SERVER dhcpd: Error opening debug LDAP log file /var/log/dhcp-ldap-startup.log: Permission denied

  
Actual results:


Expected results:


Additional info:
Comment 1 Julian RY 2011-09-23 11:43:14 UTC 
I fogot to mentio that this only happens with selinux in enforcing mode. When selinux is disabled or in permissive state, the file can be written.
Comment 2 Daniel Walsh 2011-09-23 12:55:59 UTC 
We have a type slapd_log_t that you can assign to this file and SELinux will allow ldap to write the file.


semanage fcontext -a -t dhcp_log_t /var/log/dhcp-ldap-startup.log
restorecon /var/log/dhcp-ldap-startup.log
Comment 3 Daniel Walsh 2011-09-23 13:32:30 UTC 
If you have a script that creates the file on boot, you would probably need to add a restorecon to it.
Note You need to log in before you can comment on or make changes to this bug.