765967 – failover socket not created if in reserved port range

Bug 765967 - failover socket not created if in reserved port range

Summary: failover socket not created if in reserved port range

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	dhcp
Sub Component:
Version:	16
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Jiri Popelka
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	769551
Blocks:
TreeView+	depends on / blocked

Reported:	2011-12-09 19:28 UTC by Jeff Bailey
Modified:	2012-01-28 03:31 UTC (History)
CC List:	1 user (show)
Fixed In Version:	dhcp-4.2.3-6.P2.fc16
Clone Of:
Environment:
Last Closed:	2012-01-28 03:31:54 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jeff Bailey 2011-12-09 19:28:16 UTC

Description of problem:
When configured for failover with the default ports a "netstat -a" doesn't show a socket for the failover port and there is no error logged.  When the failover port is set above 1024, selinux prevents the address binding but with selinux disabled everything is fine.  I'm assuming the failover socket is being created/bound after the capabilities are being dropped but I haven't looked at the code so I can't be sure.

Version-Release number of selected component (if applicable):
4.2.3-3.fc16

How reproducible:
Always

Steps to Reproduce:
1. Configure a failover peer
2. Start dhcpd normally using systemd
3.
  
Actual results:
No listening socket on the failover port

Expected results:
Netstat shows a tcp socket listening on the failover port

Additional info:

Comment 1 Jiri Popelka 2011-12-20 18:02:05 UTC

Thanks for the investigation. You are completely right.

In 4.2.3-2 I made a change to write lease file after changing effective user/group ID (so the lease file is owned by dhcpd:dhcpd)
because SELinux doesn't allow dhcpd to change ownership of lease file.
Unfortunately the lease file initialization is followed by the failover protocol initialization which needs root privileges.
So the only solution I can think of is to revert the 4.2.3-2 change and change the SELinux policy, i.e. the same as in bug #737571, comment #12.

Jeff, could you try this scratch-build ? Thanks
http://koji.fedoraproject.org/koji/taskinfo?taskID=3596158
(You'll need to temporarily disable SELinux)

Comment 2 Jeff Bailey 2011-12-21 00:27:09 UTC

Yes, that seems to fix it.  I get a socket on 647 now and my leases file is root:root instead of dhcpd:dhcpd.

Comment 3 Fedora Update System 2012-01-23 15:28:13 UTC

dhcp-4.2.3-6.P2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/dhcp-4.2.3-6.P2.fc16

Comment 4 Fedora Update System 2012-01-23 21:54:31 UTC

Package dhcp-4.2.3-6.P2.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing dhcp-4.2.3-6.P2.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-0822/dhcp-4.2.3-6.P2.fc16
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2012-01-28 03:31:54 UTC

dhcp-4.2.3-6.P2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.