SELinux Mailing List

Re: dhcpd policy settings

From: Junji Kanemaru <linux_at_linuon.com>
Date: Tue, 12 Apr 2005 16:26:03 +0900


Well, this is a self-reply, though: I kinda found the reason for what caused the problem. I created my daemon's home in /var/lib/my_daemon, and it caused file_context to have the setting home_root_t:dir for /var/lib. I'm going to create file context settings for my daemon.

Sorry for the bandwidth,

-- Junji

Junji Kanemaru wrote:
> Hi,
>
> I have a problem with dhcpd: it seems some recent policy update
> has affected the dhcpd runtime environment.
> dhcpd gets an AVC permission error when it accesses
> /var/lib/dhcpd.leases. The dmesg says:
>
> audit(1113209633.019:0): avc: denied { search } for
> pid=5585 exe=/usr/sbin/dhcpd name=lib dev=dm-0 ino=1409026
> scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:home_root_t
> tclass=dir
>
> So I quickly looked into the policy settings and found there's a type setting
> in /etc/selinux/targeted/src/policy/file_contexts/file_contexts that
> sets /var/lib to 'system_u:object_r:home_root_t', but 'dhcpd.te' doesn't
> have permission to traverse 'home_root_t:dir'...
> I added the permission 'allow dhcpd_t home_root_t:dir { getattr search };' to
> 'dhcpd.te', and the error has gone.
> But I'm not really sure if I did the right thing or not; I'd like to hear from
> SELinux gurus whether this fix is OK, whether there's some security exploit with
> my fix, or whether there's a complete fix...
> Please enlighten me.
>
> Thanks,
>
> -- Junji
>

-- 
Junji Kanemaru
Linuon Inc.
Tokyo Japan
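A small diagnostic in Python, added here as an illustration and not part of the original thread: it parses the AVC record quoted above and separates a mislabelled target (the actual cause, /var/lib carrying home_root_t) from a genuine policy gap that would need an allow rule (the first fix tried). The expected-type table is an assumption made for the example, not read from any policy file.

```python
import re

# Constructed sample: the AVC record quoted in the thread above.
AVC_LINE = (
    "audit(1113209633.019:0): avc: denied { search } for "
    "pid=5585 exe=/usr/sbin/dhcpd name=lib dev=dm-0 ino=1409026 "
    "scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:home_root_t "
    "tclass=dir"
)

# Assumed expected types for a few well-known paths (hypothetical table for
# this example; a real check would consult the file_contexts specification).
EXPECTED_TYPE = {
    "/var/lib": "var_lib_t",
    "/home": "home_root_t",
}

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)


def parse_avc(line):
    """Parse one AVC record into a dict of its fields, plus the bare types
    extracted from scontext and tcontext."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    for key, val in re.findall(r"(\w+)=(\S+)", m.group("rest")):
        rec[key] = val
    for ctx in ("scontext", "tcontext"):
        _user, _role, typ = rec[ctx].split(":")[:3]
        rec[ctx + "_type"] = typ
    return rec


def classify(rec, path):
    """Given the path the denied object is known to be, decide whether the
    denial is a labelling problem (fix: relabel) or a missing rule (fix:
    policy). Returns (kind, recommendation)."""
    expected = EXPECTED_TYPE.get(path)
    actual = rec["tcontext_type"]
    if expected and actual != expected:
        return ("mislabeled", f"{path} is {actual}, expected {expected}: relabel it")
    perms = " ".join(rec["perms"])
    return ("policy-gap", f"allow {rec['scontext_type']} {actual}:{rec['tclass']} {{ {perms} }};")
```

Run against the quoted record with path /var/lib it reports a mislabel; with the same record but a correctly labelled target it emits the narrow allow rule that would then be the appropriate fix.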

Received on Tue 12 Apr 2005 - 03:33:34 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009