-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Chuck Anderson wrote:
It seems the policy needs an update to allow the dhclient-script to work properly:
type=1400 audit(1206128117.122:4): avc: denied { write } for pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0 ino=26088 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=1400 audit(1206128117.122:5): avc: denied { unlink } for pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0 ino=26088 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=1400 audit(1206128117.252:6): avc: denied { rename } for pid=2485 comm="mv" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=1400 audit(1206128117.255:7): avc: denied { write } for pid=2486 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=1400 audit(1206128117.255:8): avc: denied { write } for pid=2486 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=1400 audit(1206128117.256:9): avc: denied { append } for pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=1400 audit(1206128117.257:10): avc: denied { append } for pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=1400 audit(1206128117.257:11): avc: denied { append } for pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=1400 audit(1206128117.257:12): avc: denied { append } for pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=1400 audit(1206128117.258:13): avc: denied { append } for pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
# audit2allow -R < audit.log
require { type var_run_t; type dhcpc_t; type hald_acl_t; type etc_t; class dir write; class file { write rename unlink append }; }
#============= dhcpc_t ============== allow dhcpc_t etc_t:file { write rename unlink append };
#============= hald_acl_t ============== allow hald_acl_t var_run_t:dir write;
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Someone/thing mislabeled your resolv.conf
restorecon /etc/resolv.conf The hald_acl will be fixed tonight. Your policy module is dangerous