[yocto] [meta-selinux][PATCH 2/2] dhcp/init-server: restorecon for dhcpd*.leases

wenzong.fan at windriver.com wenzong.fan at windriver.com
Fri Jun 6 03:00:34 PDT 2014


From: Wenzong Fan <wenzong.fan at windriver.com>

dhcp-server fails to start with avc denied error:

  avc: denied { read } for pid=571 comm="dhcpd" \
  name="dhcpd.leases" dev="hda" ino=63911 \
  scontext=system_u:system_r:dhcpd_t:s0-s15:c0.c1023 \
  tcontext=system_u:object_r:dhcp_state_t:s0 tclass=file

The type for dhcpd.leases is not correct; just fix it before dhcp-server
is started.

Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
 recipes-connectivity/dhcp/files/init-server |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/recipes-connectivity/dhcp/files/init-server b/recipes-connectivity/dhcp/files/init-server
index 34c2085..1d03d7e 100644
--- a/recipes-connectivity/dhcp/files/init-server
+++ b/recipes-connectivity/dhcp/files/init-server
@@ -15,11 +15,19 @@ fi
 # should listen on.)
 . /etc/default/dhcp-server
 
+# Restorecon for /var/lib/dhcp/{dhcpd.leases,dhcpd6.leases}
+restorecon_dhcpd_leases(){
+	test ! -x /sbin/restorecon || for x in dhcpd.leases dhcpd6.leases; do
+		[ -f /var/lib/dhcp/$x ] && /sbin/restorecon -F /var/lib/dhcp/$x
+	done
+}
+
 case "$1" in
 	start)
 		echo -n "Starting DHCP server: "
 		test -d /var/lib/dhcp/ || mkdir -p /var/lib/dhcp/
 		test -f /var/lib/dhcp/dhcpd.leases || touch /var/lib/dhcp/dhcpd.leases	
+		restorecon_dhcpd_leases
 		start-stop-daemon -S -x /usr/sbin/dhcpd -- -q $INTERFACES
 		echo "."
 		;;
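Review bot: In restorecon_dhcpd_leases, the loop body `[ -f /var/lib/dhcp/$x ] && /sbin/restorecon -F /var/lib/dhcp/$x` makes the function return non-zero whenever dhcpd6.leases is absent. That is the usual case here, since the start branch only touches dhcpd.leases. The status is ignored at the call site today, but it would abort the script under `set -e` or mislead a later `|| exit`. Writing the body as `if [ -f "/var/lib/dhcp/$x" ]; then /sbin/restorecon -F "/var/lib/dhcp/$x"; fi` avoids that. The guard `test ! -x /sbin/restorecon || for ...` would also read more clearly as `[ -x /sbin/restorecon ] || return 0` on its own line. Separately, the commit message shows the file labelled dhcp_state_t while running in dhcpd_t, yet the patch only relabels the two lease files. If /var/lib/dhcp/ was just created by the `mkdir -p` above, it is worth confirming the directory itself gets the expected context. Otherwise lease files that dhcpd creates or rewrites later may inherit the wrong type again, and relabelling the directory (or fixing the file contexts in policy) would be the more durable fix.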
-- 
1.7.9.5