Bug 145125
| Summary: | new rawhide NetworkManager attempts to start bind which is restricted by the SELinux targeted policy | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | James Laska <jlaska> |
| Component: | NetworkManager | Assignee: | Dan Williams <dcbw> |
| Status: | CLOSED RAWHIDE | Severity: | medium |
| Priority: | medium | Version: | rawhide |
| CC: | dcbw, dwalsh, jturner, walters | Hardware: | All |
| OS: | Linux | Doc Type: | Bug Fix |
| Last Closed: | 2005-01-25 17:33:52 UTC | | |
The latest NetworkManager-0.3.3-1.cvs20050112.3.i386 has added bind code to handle /etc/resolv.conf

```
* Wed Jan 12 2005 <dcbw> - 0.3.3-1.cvs20050112
- Use bind in "caching-nameserver" mode to work around stupidity in glibc's resolver library not recognizing resolv.conf changes
```

Once I started the new NetworkManager daemon I noticed that my wired device was getting an IP ... however named was not starting so hostnames were not resolving.

I have attached the SELinux denial messages I encountered.

Made the following policy corrections, make, make reload ... and all seems well.

```
allow named_t initrc_tmp_t:file read;
allow named_t initrc_tmp_t:file getattr;
allow named_t initrc_tmp_t:file unlink;
allow named_t proc_net_t:dir search;
allow named_t proc_net_t:file read;
allow named_t proc_net_t:file getattr;
```

Over to Walters...

We use bind in a caching-nameserver functionality to work around glibc not noticing changes to /etc/resolv.conf.

This is a bug in NetworkManager. So I am transferring it over to them. NetworkManager should be creating its files in the /var/named/data directory.

I added proc_net support for named

selinux-policy-targeted-1.21.2-5

Should be fixed in rawhide now.
Created attachment 109785: NetworkManager SELinux denial msgs
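
An added example, not part of the bug report or of any project's code: the Python below derives allow rules like those posted in the thread from AVC denial lines, merging permissions per source type, target type and class. It also flags rules whose target is a `*_tmp_t` type, the case the thread resolves by having NetworkManager create its files under /var/named/data rather than by widening policy. The log lines are constructed (the attachment's contents are not on this page), and the function names and the `_tmp_t` heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed AVC denial lines (NOT the contents of attachment 109785).
# File names, pids and inode numbers are made up for illustration.
SAMPLE_LOG = """\
audit(1105555555.101:0): avc:  denied  { read } for  pid=2301 exe=/usr/sbin/named name=example-named.conf dev=hda2 ino=1001 scontext=root:system_r:named_t tcontext=root:object_r:initrc_tmp_t tclass=file
audit(1105555555.102:0): avc:  denied  { getattr } for  pid=2301 exe=/usr/sbin/named path=/tmp/example-named.conf dev=hda2 ino=1001 scontext=root:system_r:named_t tcontext=root:object_r:initrc_tmp_t tclass=file
audit(1105555555.103:0): avc:  denied  { unlink } for  pid=2301 exe=/usr/sbin/named name=example-named.conf dev=hda2 ino=1001 scontext=root:system_r:named_t tcontext=root:object_r:initrc_tmp_t tclass=file
audit(1105555555.104:0): avc:  denied  { search } for  pid=2301 exe=/usr/sbin/named name=net dev=proc ino=2001 scontext=root:system_r:named_t tcontext=system_u:object_r:proc_net_t tclass=dir
audit(1105555555.105:0): avc:  denied  { read } for  pid=2301 exe=/usr/sbin/named name=if_inet6 dev=proc ino=2002 scontext=root:system_r:named_t tcontext=system_u:object_r:proc_net_t tclass=file
audit(1105555555.106:0): avc:  denied  { getattr } for  pid=2301 exe=/usr/sbin/named path=/proc/net/if_inet6 dev=proc ino=2002 scontext=root:system_r:named_t tcontext=system_u:object_r:proc_net_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def selinux_type(context):
    """Return the type field of user:role:type or user:role:type:level."""
    return context.split(":")[2]


def denials_to_rules(log_text):
    """Merge AVC denials into one allow rule per (source, target, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial line
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(grouped.items())
    ]


def tmp_type_targets(rules):
    """Assumed heuristic: a daemon needing access to another domain's
    *_tmp_t files usually means the file was created in the wrong place,
    so review the producer before adding the rule to policy."""
    return [r for r in rules if r.split()[2].split(":")[0].endswith("_tmp_t")]


if __name__ == "__main__":
    rules = denials_to_rules(SAMPLE_LOG)
    flagged = set(tmp_type_targets(rules))
    for rule in rules:
        print(rule, " # review: temp-file target" if rule in flagged else "")
```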