426958 – /etc/init.d/net.eth0 with dhcpcd config doesn't start due do /run migration ~amd64/selinux

Bug 426958 - /etc/init.d/net.eth0 with dhcpcd config doesn't start due do /run migration ~amd64/selinux

Summary: /etc/init.d/net.eth0 with dhcpcd config doesn't start due do /run migration ~...

Status:	VERIFIED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	SELinux (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Sven Vermeulen (RETIRED)

URL:
Whiteboard:	sec-policy r15
Keywords:

Depends on:
Blocks:	424173
	Show dependency tree

Reported:	2012-07-17 10:00 UTC by Amadeusz Sławiński
Modified:	2012-10-04 18:34 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Amadeusz Sławiński 2012-07-17 10:00:41 UTC

% cat /etc/conf.d/net

config_eth0="dhcp"


# /etc/init.d/net.eth0 start
Authenticating root.
Password: 
 * Bringing up interface eth0
 *   dhcp ...
 *     Running dhcpcd ...
dhcpcd[2463]: version 5.5.6 starting
dhcpcd[2463]: all: not configured to accept IPv6 RAs
mkdir: cannot create directory '/var/run/dhcpcd': Permission denied
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 54: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 58: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 60: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 64: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
cat: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
mkdir: cannot create directory '/var/run/dhcpcd': Permission denied
mkdir: cannot create directory '/var/run/dhcpcd': Permission denied
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 54: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 58: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 60: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 64: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
cat: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
mkdir: cannot create directory '/var/run/dhcpcd': Permission denied
dhcpcd[2463]: eth0: rebinding lease of 192.168.0.103
dhcpcd[2463]: eth0: acknowledged 192.168.0.103 from 192.168.0.1
dhcpcd[2463]: eth0: leased 192.168.0.103 for infinity
mkdir: cannot create directory '/var/run/dhcpcd': Permission denied
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 125: /var/run/dhcpcd/resolv.conf/eth0: No such file or directory
mkdir: cannot create directory '/var/run/dhcpcd': Permission denied
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 54: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 58: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 60: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf: line 64: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
cat: /var/run/dhcpcd/resolv.conf.eth0: No such file or directory
mkdir: cannot create directory '/var/run/dhcpcd': Permission denied
mkdir: cannot create directory '/var/run/dhcpcd': Permission denied
dhcpcd[2463]: forked to background, child pid 2498                                                                                     [ ok ]
 *     received address 192.168.0.103/24                                                                                               [ ok ]

grep dhcpcd /var/log/avc.log

In enforcing when starting:
Jul 17 11:49:11 lain kernel: [   21.651834] type=1400 audit(1342518551.796:22): avc:  denied  { create } for  pid=2044 comm="dhcpcd" name="dhcpcd.sock" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=sock_file
Jul 17 11:49:11 lain kernel: [   21.789595] type=1400 audit(1342518551.933:23): avc:  denied  { create } for  pid=2047 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:11 lain kernel: [   21.823437] type=1400 audit(1342518551.969:24): avc:  denied  { create } for  pid=2054 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:11 lain kernel: [   21.838603] type=1400 audit(1342518551.983:25): avc:  denied  { create } for  pid=2057 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:12 lain kernel: [   21.852399] type=1400 audit(1342518551.996:26): avc:  denied  { create } for  pid=2064 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:12 lain kernel: [   21.866849] type=1400 audit(1342518552.013:27): avc:  denied  { create } for  pid=2067 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:19 lain kernel: [   29.253815] type=1400 audit(1342518559.413:33): avc:  denied  { create } for  pid=2097 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:19 lain kernel: [   29.257242] type=1400 audit(1342518559.416:34): avc:  denied  { create } for  pid=2099 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:19 lain kernel: [   29.271379] type=1400 audit(1342518559.429:35): avc:  denied  { create } for  pid=2106 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:19 lain kernel: [   29.274766] type=1400 audit(1342518559.433:36): avc:  denied  { create } for  pid=2108 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:55 lain kernel: [   65.475610] type=1400 audit(1342518595.706:42): avc:  denied  { create } for  pid=2466 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:55 lain kernel: [   65.485264] type=1400 audit(1342518595.716:43): avc:  denied  { create } for  pid=2474 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:55 lain kernel: [   65.496044] type=1400 audit(1342518595.726:44): avc:  denied  { create } for  pid=2477 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:55 lain kernel: [   65.505154] type=1400 audit(1342518595.736:45): avc:  denied  { create } for  pid=2484 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:55 lain kernel: [   65.570682] type=1400 audit(1342518595.803:46): avc:  denied  { create } for  pid=2486 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:55 lain kernel: [   65.572883] type=1400 audit(1342518595.803:47): avc:  denied  { create } for  pid=2488 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:55 lain kernel: [   65.581494] type=1400 audit(1342518595.813:48): avc:  denied  { create } for  pid=2495 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:49:55 lain kernel: [   65.584010] type=1400 audit(1342518595.816:49): avc:  denied  { create } for  pid=2497 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir

In enforcing when stopping:
Jul 17 11:51:28 lain kernel: [  158.494628] type=1400 audit(1342518688.909:51): avc:  denied  { create } for  pid=2886 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:51:28 lain kernel: [  158.505815] type=1400 audit(1342518688.923:52): avc:  denied  { create } for  pid=2893 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:51:29 lain kernel: [  158.622402] type=1400 audit(1342518689.039:53): avc:  denied  { create } for  pid=2952 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir
Jul 17 11:51:29 lain kernel: [  158.634673] type=1400 audit(1342518689.049:54): avc:  denied  { create } for  pid=2964 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir

In permissive when starting:
Jul 17 11:52:04 lain kernel: [  193.814838] type=1400 audit(1342518724.299:64): avc:  denied  { create } for  pid=3068 comm="mkdir" name="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:var_run_t tclass=dir

In permissive when stopping:
empty


ls -lZ /run/ | grep dhcpcd
drwxr-xr-x.  4 root root system_u:object_r:var_run_t           80 Jul 17 11:52 dhcpcd
-rw-r--r--.  1 root root system_u:object_r:dhcpc_var_run_t      5 Jul 17 11:52 dhcpcd-eth0.pid
-rw-r--r--.  1 root root system_u:object_r:dhcpc_var_run_t      5 Jul 17 11:49 dhcpcd.pid


Reproducible: Always

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev

2012-07-17 12:29:47 UTC

I notice two things. One is that the scripts are trying to create directories in /var/run (not /run). If you create "/var/run/dhcpcd" manually and run "restorecon -R /var/run/dhcpcd", does that fix the problem(s)? As the directory in /var/run is static (not regenerated during each boot) that might solve this (short-term).

Regarding the /run, are the logs you show for the /run location or still for /var/run?

Comment 2 Amadeusz Sławiński 2012-07-17 12:37:54 UTC

The problem is that on new installs /var/run is linked to /run which is tmpfs so as far a I can tell all dirs gets recreated every reboot
% ls -l /var | grep run
lrwxrwxrwx.  1 root   root    9 Jul 14 14:34 lock -> /run/lock
lrwxrwxrwx.  1 root   root    4 Jul 14 14:34 run -> /run

Comment 3 Sven Vermeulen (RETIRED) gentoo-dev

2012-07-17 15:28:03 UTC

I hate it, but you're right. recent stage3s have /var/run symlinked to /run

Comment 4 Sven Vermeulen (RETIRED) gentoo-dev

2012-07-17 16:25:29 UTC

Will be fixed in rev15

Comment 5 Sven Vermeulen (RETIRED) gentoo-dev

2012-07-21 20:17:17 UTC

in hardened-dev overlay

Comment 6 Sven Vermeulen (RETIRED) gentoo-dev

2012-07-28 09:27:54 UTC

In main tree, ~arched

Comment 7 Sven Vermeulen (RETIRED) gentoo-dev

2012-10-04 18:34:12 UTC

stabilized