Hi Andre,

most interesting is the output of semodule -l. SELinux refpolicy is modular, so that you only have to load the policy for the programs you actually use. Note that in your case you have loaded only some select modules, pretty much a minimal set of modules, which will provide only very basic functionality.

Upon installation, the selinux-policy-default package in stable tries to guess which modules you could need and installs those. If you then install other software afterwards, you have to enable other modules yourself. To enable the dhcp module (which hopefully will fix your problem), use:

  # semodule -i /usr/share/selinux/default/dhcp.pp

You will find all available modules in /usr/share/selinux/default/, just check which one sounds like you need it. You can also install all of them and then selectively disable some using

  # semodule -d dhcp

(or equivalent for other module names, see semodule(8)), which is often easier.

Note that having loaded "too many" modules usually only means selinux is not as effective in preventing accesses (if e.g. you don't have an ftp server installed, there is no need to allow ftp access), but it usually will not do much harm.

We recognise that this situation (minimal set of default modules enabled upon installation) is confusing for many users, which is why we changed this already in debian unstable, such that by default a much larger set (also including dhcp) of modules is installed.

I hope this helps you to get up and running with selinux. Unfortunately, there is only very basic documentation about selinux on debian (the best I know is http://debian-handbook.info/browse/stable/sect.selinux.html from the debian administrator's handbook), but it is mostly analogous to how it works on RHEL and Fedora, so you can also read https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/index.html

Cheers,
Mika
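
An added example, not part of Mika's mail: a shell function that compares saved `semodule -l` output against the .pp files in a module directory and lists the modules that are packaged but not enabled. The function names, the sample data and the handling of a "Disabled" third column are assumptions of this sketch.

```shell
#!/bin/sh
# Report policy modules that are packaged on disk but not enabled in the
# loaded policy, as candidates for `semodule -i`.
#
# usage: missing_modules LOADED_LIST MODULE_DIR
#   LOADED_LIST  file holding the output of `semodule -l`
#   MODULE_DIR   directory of .pp files (/usr/share/selinux/default in the mail)
# live use:  semodule -l > loaded.txt
#            missing_modules loaded.txt /usr/share/selinux/default
missing_modules() {
    loaded_list=$1
    module_dir=$2

    # The first column of `semodule -l` is the module name. Assumption: a
    # third column reading "Disabled" marks a module switched off with
    # `semodule -d`; such modules are treated as not enabled.
    enabled=$(awk '$1 != "" && $3 != "Disabled" { print $1 }' "$loaded_list")

    for pp in "$module_dir"/*.pp; do
        [ -e "$pp" ] || continue      # directory holds no .pp files
        name=$(basename "$pp" .pp)
        # -x whole-line, -F fixed string: "dhcp" must not match "dhcpd"
        if ! printf '%s\n' "$enabled" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample data (module versions are made up) so the function
# can be tried on a machine without SELinux.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/default"
    touch "$tmp/default/dhcp.pp" "$tmp/default/ftp.pp" \
          "$tmp/default/ssh.pp" "$tmp/default/apache.pp"
    printf 'ssh\t2.3.0\nftp\t1.14.0\tDisabled\napache\t2.6.0\n' > "$tmp/loaded.txt"
    missing_modules "$tmp/loaded.txt" "$tmp/default"
    rm -rf "$tmp"
}
```

On the constructed data, `demo` reports dhcp (never loaded) and ftp (loaded but disabled).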