Description of problem:
Dhcp process is unable to write ldap-debug-file.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure dhcpd.conf for ldap and define ldap-debug-file to any file in /var/log (even somewhere else). As an example here, file will be /var/log/dhcp-ldap-startup.log
2. Start/Restart dhcpd service
3. Notice the error in /var/log/messages: DATE HOUR SERVER dhcpd: Error opening debug LDAP log file /var/log/dhcp-ldap-startup.log: Permission denied
I fogot to mentio that this only happens with selinux in enforcing mode. When selinux is disabled or in permissive state, the file can be written.
We have a type slapd_log_t that you can assign to this file and SELinux will allow ldap to write the file.
semanage fcontext -a -t dhcp_log_t /var/log/dhcp-ldap-startup.log
If you have a script that creates the file on boot, you would probably need to add a restorecon to it.