Re: dhcpd and nscd bug: msg#00121
Subject: Re: dhcpd and nscd bug
On Wed, 2005-05-18 at 10:21 +0200, Farkas Levente wrote:
> hi,
> it seems that during startup dhcpd server try to read nscd's pid files
> (i don't know why?):
> -----------------------------------------------
> May 15 00:20:32 atom kernel: audit(1116109232.315:0): avc: denied {
> search } for pid=7400 exe=/usr/sbin/dhcpd name=nscd dev=md0 ino=3777358
> scontext=system_u:system_r:dhcpd_t
> tcontext=system_u:object_r:nscd_var_run_t tclass=dir
> May 15 00:20:32 atom kernel: audit(1116109232.316:0): avc: denied {
> search } for pid=7400 exe=/usr/sbin/dhcpd name=nscd dev=md0 ino=3777358
> scontext=system_u:system_r:dhcpd_t
> tcontext=system_u:object_r:nscd_var_run_t tclass=dir
> -----------------------------------------------
> and inode 3777358 is /var/run/nscd directory. so it'd be useful to add
> this rule to the dhcpd policy:
> allow dhcpd_t nscd_var_run_t:dir search;
> yours.
Just FYI, it isn't the pid file; it is to access the socket to
communicate with nscd for performing name service lookups. As Ivan
said, this can be handled by adding a nscd_client_domain attribute to
the dhcpd_t domain, and all domains with that attribute are then allowed
to communicate with nscd via the socket.
--
Stephen Smalley
National Security Agency
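
Added example, not part of either message: a minimal Python sketch of how the quoted AVC denials map to the `allow` rule proposed in the question (the job the audit2allow tool does), collapsing repeated denials into one rule. The function names are hypothetical, and the sample log is the two records from the quoted message joined onto single lines.

```python
import re
from collections import defaultdict

# The two denials quoted in the message above, each joined onto one line.
SAMPLE_LOG = """\
May 15 00:20:32 atom kernel: audit(1116109232.315:0): avc: denied { search } for pid=7400 exe=/usr/sbin/dhcpd name=nscd dev=md0 ino=3777358 scontext=system_u:system_r:dhcpd_t tcontext=system_u:object_r:nscd_var_run_t tclass=dir
May 15 00:20:32 atom kernel: audit(1116109232.316:0): avc: denied { search } for pid=7400 exe=/usr/sbin/dhcpd name=nscd dev=md0 ino=3777358 scontext=system_u:system_r:dhcpd_t tcontext=system_u:object_r:nscd_var_run_t tclass=dir
"""

# Permissions sit in braces; contexts and class follow as key=value pairs.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field (third) of a user:role:type[:level] context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"malformed security context: {context!r}")
    return fields[2]

def denials_to_rules(log_text):
    """Collapse AVC denials into one allow rule per (source, target, class)."""
    perms_by_key = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or not m["perms"].split():
            continue  # not an AVC denial, or no permission listed
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        perms_by_key[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(perms_by_key.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

As the reply points out, a rule derived this way covers only the directory search that was denied; the `nscd_client_domain` attribute is what allows the domain to talk to nscd over its socket.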