dhcpd cannot open "/proc/sys/net/ipv4/ip_local_port_range"

Solution Verified - Updated -

Issue

  • When the dhcpd.service unit starts, the following AVC denials are logged while SELinux is in permissive mode:

    type=PROCTITLE msg=... : proctitle=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid 
    type=PATH msg=... : item=0 name=/proc/sys/net/ipv4/ip_local_port_range ...
    type=CWD msg=... : cwd=/ 
    type=SYSCALL msg=... : arch=x86_64 syscall=openat success=yes ... comm=dhcpd exe=/usr/sbin/dhcpd subj=system_u:system_r:dhcpd_t:s0 key=(null) 
    type=AVC msg=... : avc:  denied  { open } for  ... comm=dhcpd path=/proc/sys/net/ipv4/ip_local_port_range dev="proc" ... scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1 
    type=AVC msg=... : avc:  denied  { read } for  pid=37362 comm=dhcpd name=ip_local_port_range dev="proc" ino=181594 scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1 
    type=AVC msg=... : avc:  denied  { search } for  pid=37362 comm=dhcpd name=net dev="proc" ... scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=1 
    ----
    type=PROCTITLE msg=... : proctitle=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid 
    type=SYSCALL msg=... : arch=x86_64 syscall=fstat success=yes ... comm=dhcpd exe=/usr/sbin/dhcpd subj=system_u:system_r:dhcpd_t:s0 key=(null) 
    type=AVC msg=... : avc:  denied  { getattr } for  ... comm=dhcpd path=/proc/sys/net/ipv4/ip_local_port_range dev="proc" ino=181594 scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1 
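
An added example, not part of the Red Hat article: a small Python parser that collapses the AVC records above into one entry per source type, target type and object class, and reports whether each denial was enforced or only logged. The function names are hypothetical, the sample embeds records from this page with their elided fields left as `...`, and treating a missing `permissive=` field as enforced is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: records copied from the Issue section above,
# elided fields kept as "..." exactly as the page shows them.
SAMPLE = """\
type=SYSCALL msg=... : arch=x86_64 syscall=fstat success=yes ... comm=dhcpd exe=/usr/sbin/dhcpd subj=system_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=... : avc:  denied  { open } for  ... comm=dhcpd path=/proc/sys/net/ipv4/ip_local_port_range dev="proc" ... scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1
type=AVC msg=... : avc:  denied  { read } for  pid=37362 comm=dhcpd name=ip_local_port_range dev="proc" ino=181594 scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1
type=AVC msg=... : avc:  denied  { search } for  pid=37362 comm=dhcpd name=net dev="proc" ... scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=1
type=AVC msg=... : avc:  denied  { getattr } for  ... comm=dhcpd path=/proc/sys/net/ipv4/ip_local_port_range dev="proc" ino=181594 scontext=system_u:system_r:dhcpd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
    r"(?:\s+permissive=(?P<mode>[01]))?"
)

def se_type(context):
    # An SELinux context is user:role:type:level; the type is the third field.
    return context.split(":")[2]

def summarize(log_text):
    """Group AVC denials by (source type, target type, class)."""
    vectors = defaultdict(lambda: {"perms": set(), "enforced": False})
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if "type=AVC" in line else None
        if not m:
            continue  # SYSCALL, PATH, CWD, PROCTITLE and separator lines
        key = (se_type(m["src"]), se_type(m["tgt"]), m["cls"])
        vectors[key]["perms"].update(m["perms"].split())
        # Assumption: a record without permissive=1 was actually blocked.
        if m["mode"] != "1":
            vectors[key]["enforced"] = True
    return dict(vectors)

def report(vectors):
    lines = []
    for (src, tgt, cls), v in sorted(vectors.items()):
        state = "blocked" if v["enforced"] else "logged only (permissive)"
        lines.append(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(v['perms']))} }} {state}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```

On the records shown, the four AVC lines reduce to two access vectors, both from `dhcpd_t` to `sysctl_net_t`, and none was enforced, which matches `success=yes` in the SYSCALL records.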
    

Environment

  • Red Hat Enterprise Linux (RHEL) 7 and later
    • dhcp
    • SELinux
