FC4 dhcp, firestarter and SE Linux permission denied messages

David Niemi drn_temp2 at rogers.com
Wed Jun 29 13:38:42 UTC 2005


I appear to be having audit problems with some of the things that
firestarter wants to do when starting up and SE Linux.  Initially dhcpd
was giving errors and I found that dhcpd.conf contained some really
strange IP addresses (136.54.10.8, whois -> Ford motor company???) as
the subnet, netmask, etc.  Got that straightened out and firestarter
appears to be starting though I haven't plugged my home network into it
yet to check.

I am still getting errors when in the graphical part of the boot when
services are starting (sorry, don't know the proper name) from
firestarter about cp and "resolv.conf.predhclient" and some output from
the dhcpd.

Checking /var/log/messages I have found ~57 lines like:

Jun 29 08:55:24 localhost kernel: audit(1120049722.072:2): avc:  denied
{ write } for  pid=1791 comm="cp" name=resolv.conf.predhclient dev=hda3
ino=680749 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
Jun 29 08:55:24 localhost kernel: audit(1120049722.072:3): avc:  denied
{ unlink } for  pid=1791 comm="cp" name=resolv.conf.predhclient dev=hda3
ino=680749 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
Jun 29 08:55:24 localhost kernel: audit(1120049722.164:4): avc:  denied
{ execute } for  pid=1831 comm="sh" name=modprobe dev=hda3 ino=129716
scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:insmod_exec_t tclass=file

about modprobe and iptables also.

I've read the messages about "Re: Can't bind to dhcp address: Permission
denied??" and tried Alexander's disable and reenable the protection on
dhcpd and it didn't work.

All of the messages that I've kept from the past couple of weeks on dhcp
haven't really helped, nor the messages about the policies.

I've got VERY little knowledge of SE Linux policies, messages, and
commands, so any help would be GREATLY appreciated.

Dave
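
Added example, not part of the original post: a small Python parser that collapses a run of AVC denials like the ones quoted above into one line per (source type, target type, class), so ~57 messages reduce to the handful of distinct accesses the dhcpc_t domain was refused. SAMPLE_LOG is constructed by rejoining the three wrapped entries from the post onto single lines; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the three denials quoted in the post, each rejoined
# onto one line as it would appear in /var/log/messages.
SAMPLE_LOG = """\
Jun 29 08:55:24 localhost kernel: audit(1120049722.072:2): avc:  denied { write } for  pid=1791 comm="cp" name=resolv.conf.predhclient dev=hda3 ino=680749 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Jun 29 08:55:24 localhost kernel: audit(1120049722.072:3): avc:  denied { unlink } for  pid=1791 comm="cp" name=resolv.conf.predhclient dev=hda3 ino=680749 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Jun 29 08:55:24 localhost kernel: audit(1120049722.164:4): avc:  denied { execute } for  pid=1831 comm="sh" name=modprobe dev=hda3 ino=129716 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:insmod_exec_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    for key, out in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = rec.get(key, "").split(":")
        if len(parts) < 3:          # malformed or truncated context
            return None
        rec[out] = parts[2]         # context is user:role:type[:range]
    return rec if "tclass" in rec else None

def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["count"] += 1
        g["perms"].update(rec["perms"])
        g["comms"].add(rec.get("comm", "?"))
    return dict(groups)

def report(groups):
    """One readable line per distinct denied access, sorted by type names."""
    return [f"{s} -> {t}:{c} {{ {' '.join(sorted(groups[(s, t, c)]['perms']))} }} "
            f"x{groups[(s, t, c)]['count']} via {','.join(sorted(groups[(s, t, c)]['comms']))}"
            for (s, t, c) in sorted(groups)]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

To run it over a real log, pass the file's text to summarize() in place of SAMPLE_LOG.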



