Bug 999447
| Summary: | dnsmasq can't read host and opts files due to SELinux issues | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Community] RDO | Reporter: | Sandro Mathys <sandro> | ||||
| Component: | openstack-neutron | Assignee: | RHOS Maint <rhos-maint> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Ofer Blaut <oblaut> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | unspecified | CC: | chrisw, lpeer | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-08-21 11:50:05 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
*** This bug has been marked as a duplicate of bug 996776 *** |
Created attachment 788802 [details] audit.log of an affected system Description of problem: Having configured Havana-2 with Neutron (using ovs/netns/gre), dnsmasq won't be able to hand out IP addresses because it can't read host and opts files. Version-Release number of selected component (if applicable): openstack-neutron-2013.2-0.3.b2.el6.noarch openstack-neutron-openvswitch-2013.2-0.3.b2.el6.noarch dnsmasq-2.48-13.el6.x86_64 selinux-policy-targeted-3.7.19-195.el6_4.12.noarch How reproducible: Always. Steps to Reproduce: 1. Install and configure Neutron 2. Configure a network and subnet 3. Launch a guest Actual results: No IP over DHCP, dnsmasq having access problems, i.e. permission denied on host and opts files. Expected results: IP over DHCP. Additional info: Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: cannot read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host: Permission denied Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: cannot read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts: Permission denied Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts unconfined_u:system_r:dnsmasq_t:s0 nobody 5865 0.0 0.0 12880 772 ? S 11:25 0:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tape560c086-b2 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host --dhcp-optsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts --dhcp-script=/usr/bin/neutron-dhcp-agent-dnsmasq-lease-update --leasefile-ro --dhcp-range=tag0,192.168.0.0,static,120s --conf-file= --domain=openstacklocal unconfined_u:system_r:dnsmasq_t:s0 root 5866 0.0 0.0 12880 208 ? S 11:25 0:00 \_ dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tape560c086-b2 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host --dhcp-optsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts --dhcp-script=/usr/bin/neutron-dhcp-agent-dnsmasq-lease-update --leasefile-ro --dhcp-range=tag0,192.168.0.0,static,120s --conf-file= --domain=openstacklocal # ls -Z /var/lib/neutron/ drwxr-xr-x. neutron neutron unconfined_u:object_r:var_lib_t:s0 dhcp drwxr-xr-x. neutron neutron system_u:object_r:var_lib_t:s0 external drwx------. neutron neutron unconfined_u:object_r:var_lib_t:s0 keystone-signing drwxr-xr-x. neutron neutron system_u:object_r:var_lib_t:s0 lock srwxr-xr-x. neutron neutron system_u:object_r:var_lib_t:s0 metadata_proxy # ls -Z /var/lib/neutron/dhcp/ drwxr-xr-x. neutron neutron unconfined_u:object_r:var_lib_t:s0 09ae9120-d280-477b-851d-7687c2394373 srwxr-xr-x. neutron neutron unconfined_u:object_r:var_lib_t:s0 lease_relay # ls -Z /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/ -rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 host -rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 interface -rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 opts -rw-r--r--. root root unconfined_u:object_r:dnsmasq_lease_t:s0 pid See also the attached audit.log.gz (grep for dnsmasq for this issue - there also seems to be an issue around neutron-ns-meta and ifconfig for which I haven't found any consequences yet).