Bug 355661
Summary: | dnsmasq accesses /var/lib/libvirt | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ulrich Drepper <drepper> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dwalsh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Current | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-01-30 19:20:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ulrich Drepper
2007-10-28 06:00:50 UTC
While I could be totally mistaken, I suspect libvirt is configuring your dnsmasq instance to make use of that directory. Nothing in dnsmasq source (or our CVS for it) even refers to that directory, or libvirt at all. However, libvirt makes use of dnsmasq for DHCP services on an internal virtual network (from my understanding). I believe the bug should either be with libvirt or selinux-policy. In summary, I have no way of knowing how "downstream" packages (like libvirt) are going to configure dnsmasq, and shouldn't be responsible for giving them access to things I have no business accessing. :-) You're right. I didn't expect there to be anything like this since I didn't configure or use libvirt at all on his machine. Nevertheless, there it is, this process is running: /usr/sbin/dnsmasq --keep-in-foreground --strict-order --bind-interfaces --pid-file --conf-file --listen-address 192.168.122.1 --except-interface lo --dhcp-leasefile=/var/lib/libvirt/dhcp-default.leases --dhcp-range 192.168.122.2,192.168.122.254 So, Dan, does the policy allow the lease file to be written? The /var/lib/libvirt directory seems to be correctly labelled: # ll -Zd /var/lib/libvirt drwxr-xr-x root root system_u:object_r:virt_var_lib_t:s0 /var/lib/libvirt This should be fixed in selinux-policy-3.0.8-38 Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen. |