Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: important
Tags: patch

Hi,

with a standard

> allow-hotplug eth0
> iface eth0 inet dhcp

directive in /etc/network/interfaces, a system with selinux enabled in enforcing mode fails to configure eth0 via dhcp because the dhclient is denied to bind to a generic udp port (from dmesg, auditd is not yet running at this point):

type=1400 audit(1368139483.940:3): avc: denied { name_bind } for pid=1646 comm="dhclient" src=15087 scontext=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket

Looking in the fedora policy, I found that they simply allow dhcpc_t to bind to all udp ports since 2010, so I figured we should, too. However, this change is not found in upstream refpolicy and might actually grant excessive permissions. So if someone knows which ports are needed exactly, we could maybe do better. For now I pushed a change with the full permissions to alioth git.

Cheers,
Mika
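
One way to collect the evidence the report asks for (which ports dhclient actually tries to bind) is to group the kernel's AVC denials by source type, target type and class, and record the `src` ports seen in each group. This is an added example, not part of the original message or of the Debian policy; the function names are invented here and the only input is the denial quoted above.

```python
import re
from collections import defaultdict

# The denial quoted in the report above, copied verbatim.
SAMPLE = ('type=1400 audit(1368139483.940:3): avc: denied { name_bind } for '
          'pid=1646 comm="dhclient" src=15087 '
          'scontext=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 '
          'tcontext=system_u:object_r:port_t:s0 tclass=udp_socket')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
GENERIC_PORT_TYPE = 'port_t'  # type carried by ports with no more specific label


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated record
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type[:range]; the type is the third field.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec


def summarize(lines):
    """Group denials by (source type, target type, class); collect perms and ports."""
    groups = defaultdict(lambda: {'perms': set(), 'ports': set()})
    for rec in filter(None, map(parse_avc, lines)):
        g = groups[(rec['stype'], rec['ttype'], rec['tclass'])]
        g['perms'].update(rec['perms'])
        if rec.get('src', '').isdigit():
            g['ports'].add(int(rec['src']))
    return dict(groups)


def report(lines):
    """One line per group: the allow rule the denials imply, plus what to review."""
    out = []
    for (stype, ttype, tclass), g in sorted(summarize(lines).items()):
        rule = f"allow {stype} {ttype}:{tclass} {{ {' '.join(sorted(g['perms']))} }};"
        ports = ','.join(map(str, sorted(g['ports']))) or '-'
        scope = 'all generic ports' if ttype == GENERIC_PORT_TYPE else 'one labelled type'
        out.append(f'{rule}  # seen ports: {ports}; scope: {scope}')
    return out


if __name__ == '__main__':
    print('\n'.join(report([SAMPLE, 'kernel: unrelated boot message'])))
```

Fed the dmesg output of several boots, the `seen ports` column shows whether the binds cluster on a few ports or spread over a range, which is the information needed to judge a narrower rule.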