Red Hat Bugzilla – Bug 867291
chown capability for dhcpd_t
Last modified: 2012-12-20 11:21:01 EST
Created attachment 628601 [details]
would it be possible to have (F18+ would be sufficient) chown capability for dhcpd_t.
dhcpd is de-rooting (changing effective user/group ID) itself during start, but before doing it it creates /var/lib/dhcpd/*.leases file. The leases file can't be created after de-rooting because of bug #765967.
In selinux-policy-3.10.0-72.fc16 dhcpd got dac_override to be able to create root:root owned files in /var/lib/dhcpd, which is owned by dhcpd:dhcpd.
Because we need the leases file to be also dhcpd:dhcpd owned the reporter of bug #866714 suggested to chown them after creating, which seems to work but we need to tweak the SELinux policy, see bug #866714, comment #11.
Actually, shouldn't this be fixed in F-17? That is where the original bug is...
I'd rather fix the original bug in F18+ only.
It's not so serious problem and I don't want to introduce some regression as the last time (bug #765967) I tried to fix it.
Added to -40.fc18
(In reply to comment #2)
> I'd rather fix the original bug in F18+ only.
> It's not so serious problem and I don't want to introduce some regression as
> the last time (bug #765967) I tried to fix it.
Come on - be bold! Just pot it in testing and we'll see...
(In reply to comment #4)
> Come on - be bold! Just pot it in testing and we'll see...
Sorry, typo. Put, not pot.
Well, that depends on Miroslav. Mirku, is this viable also in F17 ?
selinux-policy-3.11.1-43.fc18 has been submitted as an update for Fedora 18.
selinux-policy-3.11.1-46.fc18 has been submitted as an update for Fedora 18.
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-46.fc18'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
selinux-policy-3.11.1-46.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.