Bug 2156789

Summary: dnsmasq: cannot open log /var/log/dnsmasq.log
Product: Red Hat Enterprise Linux 9
Reporter: Adam Ibrahim <adibrahi>
Component: dnsmasq
Assignee: Petr Menšík <pemensik>
Status: VERIFIED
QA Contact: Petr Sklenar <psklenar>
Severity: unspecified
Priority: unspecified
Version: unspecified
CC: pemensik, psklenar
Target Milestone: rc
Keywords: MigratedToJIRA, Reopened, TestCaseNeeded, Triaged
Hardware: Unspecified
OS: Unspecified
Fixed In Version: dnsmasq-2.85-12.el9
Doc Type: If docs needed, set a value
Last Closed: 2023-08-02 09:12:08 UTC
Type: Bug
Bug Depends On: 2024166

Description Adam Ibrahim 2022-12-28 19:23:10 UTC
This bug was initially created as a copy of Bug #2024166 & #1663692

I am copying this bug because: issue is reproducible in RHEL 9.1
Package version: dnsmasq-2.85-5.el9.x86_64


Description of problem:

dnsmasq fails to start when configured to use a separate log file via the log-facility directive.
This occurs if the file does not have write permission for group while SELinux is running in enforcing mode.

How reproducible:
If "log-facility=/var/log/dnsmasq.log" has been defined in /etc/dnsmasq.conf, the issue is always present.
If the log-facility is commented out, dnsmasq runs correctly.


Steps to Reproduce:
1. Install dnsmasq
3. Edit /etc/dnsmasq.conf to include "log-facility=/var/log/dnsmasq.log"
4. Run: systemctl enable dnsmasq
5. Run: systemctl start dnsmasq
6. Run: systemctl status dnsmasq
7. Run: systemctl restart dnsmasq

Actual results:
dnsmasq fails to restart:
× dnsmasq.service - DNS caching server.
     Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2022-12-28 13:11:43 EST; 1min 50s ago
    Process: 1544 ExecStart=/usr/sbin/dnsmasq (code=exited, status=3)
        CPU: 6ms

Dec 28 13:11:43 rhel9-1.adamibrahim.net systemd[1]: Starting DNS caching server....
Dec 28 13:11:43 rhel9-1.adamibrahim.net dnsmasq[1544]: dnsmasq: cannot open log /var/log/dnsmasq.log: Permission denied
Dec 28 13:11:43 rhel9-1.adamibrahim.net dnsmasq[1544]: cannot open log /var/log/dnsmasq.log: Permission denied
Dec 28 13:11:43 rhel9-1.adamibrahim.net dnsmasq[1544]: FAILED to start up
Dec 28 13:11:43 rhel9-1.adamibrahim.net systemd[1]: dnsmasq.service: Control process exited, code=exited, status=3/NOTIMPLEMENTED
Dec 28 13:11:43 rhel9-1.adamibrahim.net systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Dec 28 13:11:43 rhel9-1.adamibrahim.net systemd[1]: Failed to start DNS caching server..



Expected results:
dnsmasq should start.

Additional info: 
- Removing log-facility=/var/log/dnsmasq.log from the configuration makes dnsmasq start just fine.
- Switching SELinux to permissive allows dnsmasq to start correctly using systemctl.

Per Bug #2024166:
===
Posted upstream, already accepted:

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016070.html

Accepted and merged:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1f8f78a49b8fd6b2862a3882053b1c6e6e111e5c
===
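
A pre-restart check for the condition described in this report (a log-facility file without group write permission while SELinux is enforcing), added here as an example; it is not part of the bug report or of dnsmasq. The function names are hypothetical, GNU stat is assumed, only the single config file passed in is read (no conf-dir or conf-file includes), and the SELinux mode is passed in as the output of getenforce.

```bash
#!/usr/bin/env bash
# Added diagnostic sketch; function names are hypothetical.

# Print the file path set by log-facility= in a dnsmasq config, if any.
# Syslog facility names (no leading "/") and commented-out lines are ignored.
log_facility_path() {
    local conf=$1
    sed -n 's|^[[:space:]]*log-facility[[:space:]]*=[[:space:]]*\(/[^[:space:]#]*\).*|\1|p' \
        "$conf" | tail -n 1
}

# Return 0 if the file's mode has the group write bit (octal 020) set.
group_writable() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    (( (8#$mode & 8#020) != 0 ))
}

# Classify a config against the condition in the report.
#   $1 = dnsmasq config file, $2 = SELinux mode as printed by getenforce
# Prints one of: no-file-log, missing, at-risk, ok
check_dnsmasq_log() {
    local conf=$1 selinux_mode=$2 path
    path=$(log_facility_path "$conf")
    [ -n "$path" ] || { echo "no-file-log"; return 0; }
    [ -e "$path" ] || { echo "missing"; return 0; }
    if [ "$selinux_mode" = "Enforcing" ] && ! group_writable "$path"; then
        echo "at-risk"
    else
        echo "ok"
    fi
}

# Typical call on a live host:
#   check_dnsmasq_log /etc/dnsmasq.conf "$(getenforce)"
```

A result of at-risk means the configuration matches the failing case above on builds older than the one listed under Fixed In Version.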

Comment 1 Petr Menšík 2023-01-23 12:11:33 UTC
I think this issue was already fixed on Fedora bug #2024166, should be relatively simple to backport.

Comment 2 Petr Menšík 2023-06-14 10:10:07 UTC
Should have a working test, checking it actually works.