Bug 145125
| Summary: | new rawhide NetworkManager attempts to start bind which is restricted by the SELinux targeted policy | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | James Laska <jlaska> | ||||
| Component: | NetworkManager | Assignee: | Dan Williams <dcbw> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | rawhide | CC: | dcbw, dwalsh, jturner, walters | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2005-01-25 17:33:52 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
The latest NetworkManager-0.3.3-1.cvs20050112.3.i386 has added bind code to
handle /etc/resolv.conf
* Wed Jan 12 2005 <dcbw> - 0.3.3-1.cvs20050112
- Use bind in "caching-nameserver" mode to work around stupidity
in glibc's resolver library not recognizing resolv.conf changes
Once I started the new NetworkManager daemon I noticed that my wired device was
getting an IP ... however named was not starting so hostnames were not
resolving. I have attached the SELinux denial messages I encountered. made
the following policy corrections, make, make reload ... and all seems well.
allow named_t initrc_tmp_t:file read;
allow named_t initrc_tmp_t:file getattr;
allow named_t initrc_tmp_t:file unlink;
allow named_t proc_net_t:dir search;
allow named_t proc_net_t:file read;
allow named_t proc_net_t:file getattr;
Over to Walters... we use bind in a caching-nameserver functionality to work around glibc not noticing changes to /etc/resolv.conf. This is a bug in NetworkManager. So I am transfering it over to them, NetworkManager should be creating its files in /var/named/data directory I added proc_net support for named selinux-policy-targeted-1.21.2-5 Should be fixed in rawhide now. |
Created attachment 109785 [details] NetworkManager SELinux denial msgs