Bug 446404

Summary: vpnc-script generates invalid resolv.conf
Product: [Fedora] Fedora
Component: vpnc
Version: 9
Hardware: All
OS: Linux
Status: CLOSED NEXTRELEASE
Severity: high
Priority: low
Reporter: Brian Long <brilong>
Assignee: Tomas Mraz <tmraz>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: mjs, wongc, wtogami
Doc Type: Bug Fix
Last Closed: 2008-09-10 06:41:36 UTC
Attachments: Fixed vpnc-script (flags: none)

Description Brian Long 2008-05-14 14:24:55 UTC
Description of problem:
/etc/vpnc/vpnc-script incorrectly writes an /etc/resolv.conf with multiple
domains on the "domain" line instead of putting them on the "search" line.  This
causes "host" to barf. For example, this is a vpnc-script-generated resolv.conf:
domain cisco.com lab.cisco.com
search cisco.com
nameserver 192.168.y.z
nameserver 64.x.y.z

Version-Release number of selected component (if applicable):
vpnc-0.5.1-5.fc9.i386

How reproducible:
Always

Steps to Reproduce:
1. vpnc into a gateway that provides two search domains
2. the search domains will be placed on the "domain" line instead of the
"search" line of resolv.conf

Actual results:
> host foo
host: parse of /etc/resolv.conf failed

Expected results:
> host foo
foo.cisco.com is an alias for foo1.cisco.com.
foo1.cisco.com has address 64.x.y.z

Comment 1 Brian Long 2008-05-14 14:39:45 UTC
Created attachment 305368
Fixed vpnc-script

This vpnc-script separates the cases for domain*) and search*).  This avoids
appending to an existing domain line.

Comment 2 C. Y. Wong 2008-06-29 15:58:18 UTC
I do not have Brian Long's problem of getting two search domains that Brian Long
mentioned.

My problem is that I have been using vpnc in Fedora 9 (2.6.25-14.fc9.i686)
successfully with no problem.  However, recently I updated the kernel to Fedora 9
(2.6.25.6-55.fc9.i686) together with many other updates last week.  Then when I
start the vpnc procedure, I get the following message:


/etc/vpnc/vpnc-script: line 99: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 100: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 104: /sbin/ifconfig: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 124: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 133: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 134: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 135: /sbin/ip: Permission denied
VPNC started in background (pid: 3127)...

and the vpnc connection does not work.

I tried to boot the system with the older kernel of Fedora 9 
(2.6.25-14.fc9.i686), but now the same error message comes out.
How do we fix this bug?

C. Y. Wong


Comment 3 Tomas Mraz 2008-06-30 07:36:17 UTC
re comment #2: This seems like a problem with the SELinux policy in regards to vpnc.
Can you please open a new bug against vpnc with this report, attach a dump of
'ausearch -m AVC', and put dwalsh(@redhat.com) on the CC of the new bug?


Comment 4 Tomas Mraz 2008-07-24 16:16:01 UTC
As for the original report, it is questionable whether the domain line should be
changed at all. I think it should not, and just the search line should be
modified or added when it is not present.
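
The approach proposed in Comment 4 (leave the domain line alone; modify the search line, or add one when it is missing), as an added sketch that is not part of this bug thread and not the fix shipped in vpnc-0.5.1-6.fc9. The helper name update_search_line, the hostname-character filter and the sample nameserver address are assumptions.

```shell
#!/bin/sh
# Added illustration, not the vpnc-script shipped in any vpnc package.
# update_search_line FILE [DOMAIN...]   (hypothetical helper)
# Prints FILE with the given domains merged into a single "search" line.
# The "domain" line and all other lines pass through unchanged.
update_search_line() {
    conf=$1
    shift
    awk -v new="$*" '
        # Keep each domain once; accept hostname characters only
        # (gateway-supplied values are untrusted input).
        function add(d) {
            if (d ~ /^[A-Za-z0-9._-]+$/ && !(d in seen)) {
                seen[d] = 1
                list = list " " d
            }
        }
        BEGIN {
            # Gateway-provided domains go first (a choice made here).
            n = split(new, vpn, " ")
            for (i = 1; i <= n; i++) add(vpn[i])
        }
        # Collect existing search entries; the merged line is printed once.
        $1 == "search" { for (i = 2; i <= NF; i++) add($i); next }
        { print }
        END { if (list != "") print "search" list }
    ' "$conf"
}

# Constructed sample input: the reporter's domains, a documentation address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
domain cisco.com
search cisco.com
nameserver 192.0.2.53
EOF
update_search_line "$sample" cisco.com lab.cisco.com
rm -f "$sample"
```

The merged search line is written last, so it stays after the untouched domain line, as in the resolv.conf quoted in the report.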


Comment 5 Brian Long 2008-07-24 16:46:44 UTC
That's acceptable to me.

Comment 6 Fedora Update System 2008-07-25 07:43:04 UTC
vpnc-0.5.1-6.fc9 has been submitted as an update for Fedora 9

Comment 7 Matthew Saltzman 2008-07-25 11:37:48 UTC
Fedora 8 too, please?

Comment 8 Fedora Update System 2008-07-30 20:01:38 UTC
vpnc-0.5.1-6.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
  su -c 'yum --enablerepo=updates-testing update vpnc'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-6782

Comment 9 Matthew Saltzman 2008-07-30 20:54:42 UTC
Fedora 8 too, please?

TIA.

Comment 10 Fedora Update System 2008-09-10 06:41:30 UTC
vpnc-0.5.1-6.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.