William John Murray wrote:
Hello there, I set up a firewall/router/dhcpd/dns server at home; it was very easy, thanks to all for making it so.
But I mis-configured the yum list, putting in fedora-updates.repo and fedora.repo in /etc/yum.conf AND all 4 fedora ones in /etc/yum.repos.d by mistake. My fault.
For a few days yum was broken, trying to install wireless wireless-tools.i386 1:27-0.pre25.3 and 1:28-0.pre4 at once, and complaining that they had the same man page area. But I forced through other updates by doing things like "yum update 'a*'" [I have no wireless, but NetworkManager appeared from somewhere, and it needs wireless-tools!]
All was well, but last night I spotted the problem and switch to just
two repos, fedora.repo and fedora-updates.repo Yum did this:
Jan 20 21:31:45 Updated: bind-libs.i386 20:9.2.4-8_FC3 Jan 20 21:31:48 Updated: bind-utils.i386 20:9.2.4-8_FC3 Jan 20 21:31:49 Updated: cups-libs.i386 1:1.1.22-0.rc1.8.4 Jan 20 21:31:51 Updated: sysklogd.i386 1.4.1-26_FC3 Jan 20 21:31:56 Updated: alsa-lib.i386 1.0.6-7.FC3 Jan 20 21:31:59 Updated: wireless-tools.i386 1:27-0.pre25.3 Jan 20 21:32:03 Updated: grep.i386 2.5.1-31.4 Jan 20 21:32:07 Updated: bind.i386 20:9.2.4-8_FC3 Jan 20 21:32:25 Updated: cups.i386 1:1.1.22-0.rc1.8.4 Jan 20 21:32:27 Updated: words.noarch 3.0-2 Jan 20 21:32:28 Updated: dhcpv6_client.i386 0.10-11_FC3 Jan 20 21:32:31 Updated: dhcp.i386 7:3.0.1-30_FC3 Jan 20 21:32:36 Updated: bind-chroot.i386 20:9.2.4-8_FC3 Jan 20 21:32:38 Updated: apr.i386 0.9.4-24.2 Jan 20 21:32:41 Updated: kernel-utils.i386 1:2.4-13.1.49_FC3 Jan 20 21:32:43 Updated: vixie-cron.i386 1:4.1-20_FC3 Jan 20 21:32:45 Updated: dhclient.i386 7:3.0.1-30_FC3 Jan 21 07:59:04 Updated: hal.i386 0.4.6-1.FC3
And since then dhcp and named have been broken. The /var/log/messages has thinks like: Jan 21 07:33:18 base kernel: audit(1106292798.847:0): avc: denied { read } for pid=3391 exe=/usr/sbin/dhcpd name=dhcpd.leases dev=dm-0 ino=189702 scontext=user_u:system_r:dhcpd_t tcontext=user_u:object_r:dhcp_state_t tclass=file Jan 21 07:33:18 base dhcpd: Can't open lease database /var/lib/dhcp/dhcpd.leases: Permission denied -
But the selinux configuration from redhat-config-security doens't even seem to mention dhcpd. Nb:
Jan 18 07:00:48 Updated: libselinux.i386 1.19.1-8 Jan 18 07:02:08 Updated: libselinux-devel.i386 1.19.1-8 Jan 18 07:10:44 Updated: selinux-policy-targeted.noarch 1.17.30-2.72
Can anyone suggest how I get myself out? Thank you, Bill
This is weird, it should be allowed. Could you please try as root
make -C /etc/selinux/targeted/src/policy load And then restart dhcpd and see if that fixes it?
Dan
