Description of problem: Selinux prevents NetworkManager from killing an older dhclient6 at boot time and dhclient6 can't get access to the port it needs leading to a failure to get an ipv6 address assigned. Version-Release number of selected component (if applicable): NetworkManager.x86_64 1:0.9.9.0-25.git20131003.fc20 @updates-testing dhclient.x86_64 12:4.2.5-26.fc20 @koji-override-0/$releasever selinux-policy.noarch 3.12.1-117.fc20 @updates-testing selinux-policy-devel.noarch 3.12.1-117.fc20 @updates-testing selinux-policy-targeted.noarch 3.12.1-117.fc20 @updates-testing How reproducible: always Steps to Reproduce: 1. reboot a machine that uses dhclient6 and networkmanager to get an ipv6 address 2. ifconfig 3. notice no ipv6 address Actual results: no ipv6 address Expected results: an ipv6 address Additional info: Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: Internet Systems Consortium DHCP Client 4.2.5 Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: Copyright 2004-2013 Internet Systems Consortium. Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: All rights reserved. Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: For info, please visit https://www.isc.org/software/dhcp/ Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: <info> (p32p1): DHCPv4 state changed nbi -> preinit Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: Internet Systems Consortium DHCP Client 4.2.5 Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: Copyright 2004-2013 Internet Systems Consortium. Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: All rights reserved. Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: For info, please visit https://www.isc.org/software/dhcp/ Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: <info> (p32p1): DHCPv6 state changed nbi -> preinit6 Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: Can't bind to dhcp address: Cannot assign requested address Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: Please make sure there is no other dhcp server Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: running and that there's no entry for dhcp or Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: bootp in /etc/inetd.conf. Also make sure you Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: are not running HP JetAdmin software, which Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: includes a bootp server. Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: This version of ISC DHCP is based on the relea se available Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: on ftp.isc.org. Features have been added and other changes Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: have been made to the base software release in order to make Jan 19 02:22:43 arbol.wsrcc.com dhclient[998]: it work better with this distribution. Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: <info> (p32p1): DHCPv6 client pid 998 exited with status 1 Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: <info> Activation (p32p1) Stage 4 of 5 (IPv6 Configure Timeout) scheduled... Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: <info> Activation (p32p1) Stage 4 of 5 (IPv6 Configure Timeout) started... Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: <info> Activation (p32p1) Stage 4 of 5 (IPv6 Configure Timeout) complete. Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: Can't bind to dhcp address: Cannot assign requested address Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: Please make sure there is no other dhcp server Jan 19 02:22:43 arbol.wsrcc.com NetworkManager[495]: running and that there's no entry for dhcp or and from /var/log/audit/audit.log: type=AVC msg=audit(1390124976.676:89): avc: denied { sigkill } for pid=1002 comm="nm-dispatcher.a" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process type=AVC msg=audit(1390126001.677:99): avc: denied { sigkill } for pid=1014 comm="nm-dispatcher.a" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process type=AVC msg=audit(1390126969.676:101): avc: denied { sigkill } for pid=1006 comm="nm-dispatcher.a" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process [
for some reason running "systemctl restart NetworkManager" from root allows everything to work correctly. that is also my workaround.
Has been addded. commit 45b2e2074d53b5ce09afd9ed03b3319e668a3197 Author: Dan Walsh <dwalsh> Date: Thu Jan 16 16:29:06 2014 -0500 Allow NetworkManager to signal and sigkill init scripts
selinux-policy-3.12.1-119.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-119.fc20
Created attachment 852906 [details] journalctl -b0 -u NetworkManager showing dhclient6 failing to attach to the port.
Created attachment 852907 [details] ifcfg file for the failing interface
selinux-policy-3.12.1-119.fc20 fixes the avc in /var/log/audit/audit.log but the problem with dhclient6 failing still persists. I'm at a loss. Are we really looking at two overlapping bugs (say another in NetworkManager) that were introduced within a day or two of each other?
Package selinux-policy-3.12.1-119.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-119.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-1249/selinux-policy-3.12.1-119.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-119.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.