LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Can't start dhcp service (https://www.linuxquestions.org/questions/linux-newbie-8/cant-start-dhcp-service-4175434909/)

brother.gabriel 10-31-2012 10:10 AM
Can't start dhcp service
 
Please help! I went my Centos4 server today to restart my dhcp service, and I discover that I can't restart it. It is stopped now, but won't start. It says, "Can't open lease database... Permission denied... Check for failed database rewrite attept!" but I am logged in as root via the CLI over the network.

I did make some changes to the dhcp.conf file. But the service is acting differently than it used to. It used to tell me whether there were errors in the conf file, and where where they were. Now it tells me something else.

Please help!

brother.gabriel 10-31-2012 10:31 AM
Well, it seems that somehow selinux became enabled (I'm not sure how), and that conflicts with the dhcp service, as I understand. I disabled it, but would have to reboot the machine to put that in place.

Is there not a way to restart the dhcp service with selinux running?

mikey99 10-31-2012 12:09 PM
Put selinux into permissive mode by typing

Code:
# setenforce 0
Or perhaps you could use the disable_trans boolean to stop selinux confining dhcpd.
Code:
# setsebool -P dhcpd_disable_trans 1

sag47 10-31-2012 01:57 PM
SELinux does not conflict with DHCP it just means you have it incorrectly configured. I may be able to walk you through configuring it if you're willing rather than blanket disabling everything.

brother.gabriel 10-31-2012 02:20 PM
Solved
 
Well, folks, I did change the selinux option to disable and then restarted the server when noone was on the phone (asterisk). When it came back on line everything worked fine.

I didn't make up the part about selinux blocking the dhcp (I can't remember where someone said that would solve it) - I don't doubt you are right, sag47, but disabling it did in fact, work. If it were a configuration error then the service wouldn't start. But now I can start and restart as I like (which is how it worked before when I had selinux disabled in the first place).

@mikey99, thanks for the tidibit about the selinux configuration entry.

Thank you all for helping me out! I appreciate your advice and attention.

sag47 10-31-2012 02:43 PM
Quote:
Originally Posted by brother.gabriel (Post 4819168)
I didn't make up the part about selinux blocking the dhcp (I can't remember where someone said that would solve it) - I don't doubt you are right, sag47, but disabling it did in fact, work. If it were a configuration error then the service wouldn't start. But now I can start and restart as I like (which is how it worked before when I had selinux disabled in the first place).
I didn't say you made up SELinux interfering with it. It is likely interfering by design because you have it misconfigured.

My dhcp works just fine with SELinux enabled.
Code:
[root@stealth lib]# ls -Z /var/lib | grep dhcpd
drwxr-xr-x. dhcpd  dhcpd  system_u:object_r:dhcpd_state_t:s0 dhcpd

[root@stealth dhcp]# ls -Z /etc/dhcp/
drwxr-xr-x. root root system_u:object_r:bin_t:s0      dhclient.d
-rw-r--r--. root root system_u:object_r:dhcp_etc_t:s0  dhcpd6.conf
-rw-r--r--. root root system_u:object_r:dhcp_etc_t:s0  dhcpd.conf

[root@stealth dhcp]# getenforce
Enforcing

[root@stealth dhcp]# systemctl status dhcpd.service
dhcpd.service - DHCPv4 Server Daemon
          Loaded: loaded (/lib/systemd/system/dhcpd.service; enabled)
          Active: active (running) since Tue, 16 Oct 2012 00:12:30 -0400; 2 weeks and 1 days ago
        Main PID: 29061 (dhcpd)
          CGroup: name=systemd:/system/dhcpd.service
                  └ 29061 /usr/sbin/dhcpd -f -user dhcpd -group dhcpd --no-pid
In all likelihood you just have your security contexts incorrect. Notice I have dhcpd running with no problems along side SELinux.

I would also like you to note the security context type on /etc/dhcp/dhcpd.conf (the type is dhcp_etc_t) and /var/lib/dhcpd/ folder (the type is dhcpd_state_t). The contents of /var/lib/dhcpd/ should also be of type dhcpd_state_t.

If it's not then see the man page for restorecon command (namely the -R option) search my LQ blog entries for selinux where I encounter problems and resolve them. By disabling SELinux you're removing a primary feature that makes having CentOS or RHEL worth having over other operating systems.


All times are GMT -5. The time now is 02:19 AM.