Bug 1215376 - [abrt] dnssec-trigger: dnssec-trigger-script:473:_write_resolv_conf:PermissionError: [Errno 13] Permission denied: '/etc/.resolv.conf.dnssec-trigger'
Summary: [abrt] dnssec-trigger: dnssec-trigger-script:473:_write_resolv_conf:Permissio...
Keywords:
Status: CLOSED DUPLICATE of bug 1210250
Alias: None
Product: Fedora
Classification: Fedora
Component: dnssec-trigger
Version: 21
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Paul Wouters
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:1f8de9cfac906eab6955f098307...
Depends On:
Blocks: Default_Local_DNS_Resolver
TreeView+ depends on / blocked
 
Reported: 2015-04-26 02:18 UTC by lso
Modified: 2015-07-15 13:24 UTC (History)
10 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-07-15 13:24:50 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: backtrace (954 bytes, text/plain)
2015-04-26 02:18 UTC, lso
no flags Details
File: environ (134 bytes, text/plain)
2015-04-26 02:18 UTC, lso
no flags Details

Description lso 2015-04-26 02:18:51 UTC
Description of problem:
Upon resuming from hibernation, the error was encountered.

% uname -a 
Linux Adelie.Orsus.NET 3.18.9-200.fc21.x86_64 #1 SMP Mon Mar 9 15:10:50 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Version-Release number of selected component:
dnssec-trigger-0.12-20.fc21

Additional info:
reporter:       libreport-2.3.0
cmdline:        /usr/bin/python3 /usr/libexec/dnssec-trigger-script --setup
executable:     /usr/libexec/dnssec-trigger-script
kernel:         3.19.4-200.fc21.x86_64
runlevel:       unknown
type:           Python3
uid:            0

Truncated backtrace:
dnssec-trigger-script:473:_write_resolv_conf:PermissionError: [Errno 13] Permission denied: '/etc/.resolv.conf.dnssec-trigger'

Traceback (most recent call last):
  File "/usr/libexec/dnssec-trigger-script", line 704, in <module>
    Application(sys.argv).run()
  File "/usr/libexec/dnssec-trigger-script", line 459, in run
    self.method()
  File "/usr/libexec/dnssec-trigger-script", line 534, in run_setup
    self._install_resolv_conf(self.resolvconf, self.resolvconf_tmp, config.use_resolv_conf_symlink)
  File "/usr/libexec/dnssec-trigger-script", line 483, in _install_resolv_conf
    self._write_resolv_conf(path_tmp)
  File "/usr/libexec/dnssec-trigger-script", line 473, in _write_resolv_conf
    with open(path, "w") as target:
PermissionError: [Errno 13] Permission denied: '/etc/.resolv.conf.dnssec-trigger'

Local variables in innermost frame:
self: <__main__.Application object at 0x7efd0719fe80>
path: '/etc/.resolv.conf.dnssec-trigger'

Comment 1 lso 2015-04-26 02:18:53 UTC
Created attachment 1018928 [details]
File: backtrace

Comment 2 lso 2015-04-26 02:18:54 UTC
Created attachment 1018929 [details]
File: environ

Comment 3 Tomáš Hozza 2015-04-27 06:58:21 UTC
Hello.

Thank you for your report. Do you have SELinux enabled (and in enforcing mode)? Can you see any AVCs related to this issue?

Thanks!

Comment 4 Dominik 'Rathann' Mierzejewski 2015-05-05 07:35:00 UTC
I'm getting the same error while resuming from suspend. The following AVCs seem to be related:
type=AVC msg=audit(1430811010.631:660): avc:  denied  { search } for  pid=3018 comm="dnssec-trigger-" name=".local" dev="dm-2" ino=1050573 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1430811010.696:661): avc:  denied  { create } for  pid=3018 comm="dnssec-trigger-" name=".resolv.conf.dnssec-trigger" scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1430811010.705:662): avc:  denied  { execute } for  pid=3020 comm="dnssec-trigger-" name="ldconfig" dev="dm-2" ino=267166 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1430811010.706:663): avc:  denied  { write } for  pid=3018 comm="dnssec-trigger-" name="/" dev="tmpfs" ino=12483 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1430811010.706:664): avc:  denied  { write } for  pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1430811010.706:665): avc:  denied  { write } for  pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1430811010.706:666): avc:  denied  { dac_override } for  pid=3018 comm="dnssec-trigger-" capability=1  scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:system_r:dnssec_trigger_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1430811010.707:667): avc:  denied  { execute } for  pid=3021 comm="dnssec-trigger-" name="ldconfig" dev="dm-2" ino=267166 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1430811010.708:668): avc:  denied  { write } for  pid=3018 comm="dnssec-trigger-" name="/" dev="tmpfs" ino=12483 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1430811010.708:669): avc:  denied  { write } for  pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1430811010.708:670): avc:  denied  { write } for  pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1430811010.708:671): avc:  denied  { dac_override } for  pid=3018 comm="dnssec-trigger-" capability=1  scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:system_r:dnssec_trigger_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1430811010.711:672): avc:  denied  { net_admin } for  pid=3018 comm="dnssec-trigger-" capability=12  scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:system_r:dnssec_trigger_t:s0 tclass=capability permissive=0

Comment 5 lso 2015-05-05 16:11:18 UTC
SELinux is installed and configured for enforcement.  I also noticed that
the immutable bit is being set for the /etc/resolv.conf file.  Here is the
output.


   root@Adelie:[29]# ls -al resolv.conf*
   -r--r--r--. 1 root root  56 2015-04-26 10:25 resolv.conf
   -rw-r--r--. 1 root root 245 2015-04-25 22:52 resolv.conf.tmp

   root@Adelie:[29]# ls -alZ resolv.conf*
   -r--r--r--. root root system_u:object_r:net_conf_t:s0  resolv.conf
   -rw-r--r--. root root system_u:object_r:net_conf_t:s0  resolv.conf.tmp

   root@Adelie:[34]# lsattr resolv.conf
   ----i--------e-- resolv.conf

   root@Adelie:[35]# chattr -i resolv.conf
   root@Adelie:[36]# lsattr resolv.conf
   -------------e-- resolv.conf

Packages selinux-policy and selinux-policy-targeted are installed.

Comment 6 Tomáš Hozza 2015-07-15 13:24:50 UTC

*** This bug has been marked as a duplicate of bug 1210250 ***


Note You need to log in before you can comment on or make changes to this bug.