Description of problem: Upon resuming from hibernation, the error was encountered. % uname -a Linux Adelie.Orsus.NET 3.18.9-200.fc21.x86_64 #1 SMP Mon Mar 9 15:10:50 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux Version-Release number of selected component: dnssec-trigger-0.12-20.fc21 Additional info: reporter: libreport-2.3.0 cmdline: /usr/bin/python3 /usr/libexec/dnssec-trigger-script --setup executable: /usr/libexec/dnssec-trigger-script kernel: 3.19.4-200.fc21.x86_64 runlevel: unknown type: Python3 uid: 0 Truncated backtrace: dnssec-trigger-script:473:_write_resolv_conf:PermissionError: [Errno 13] Permission denied: '/etc/.resolv.conf.dnssec-trigger' Traceback (most recent call last): File "/usr/libexec/dnssec-trigger-script", line 704, in <module> Application(sys.argv).run() File "/usr/libexec/dnssec-trigger-script", line 459, in run self.method() File "/usr/libexec/dnssec-trigger-script", line 534, in run_setup self._install_resolv_conf(self.resolvconf, self.resolvconf_tmp, config.use_resolv_conf_symlink) File "/usr/libexec/dnssec-trigger-script", line 483, in _install_resolv_conf self._write_resolv_conf(path_tmp) File "/usr/libexec/dnssec-trigger-script", line 473, in _write_resolv_conf with open(path, "w") as target: PermissionError: [Errno 13] Permission denied: '/etc/.resolv.conf.dnssec-trigger' Local variables in innermost frame: self: <__main__.Application object at 0x7efd0719fe80> path: '/etc/.resolv.conf.dnssec-trigger'
Created attachment 1018928 [details] File: backtrace
Created attachment 1018929 [details] File: environ
Hello. Thank you for your report. Do you have SELinux enabled (and in enforcing mode)? Can you see any AVCs related to this issue? Thanks!
I'm getting the same error while resuming from suspend. The following AVCs seem to be related: type=AVC msg=audit(1430811010.631:660): avc: denied { search } for pid=3018 comm="dnssec-trigger-" name=".local" dev="dm-2" ino=1050573 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.696:661): avc: denied { create } for pid=3018 comm="dnssec-trigger-" name=".resolv.conf.dnssec-trigger" scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0 type=AVC msg=audit(1430811010.705:662): avc: denied { execute } for pid=3020 comm="dnssec-trigger-" name="ldconfig" dev="dm-2" ino=267166 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file permissive=0 type=AVC msg=audit(1430811010.706:663): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="/" dev="tmpfs" ino=12483 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.706:664): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.706:665): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.706:666): avc: denied { dac_override } for pid=3018 comm="dnssec-trigger-" capability=1 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:system_r:dnssec_trigger_t:s0 tclass=capability permissive=0 type=AVC msg=audit(1430811010.707:667): avc: denied { execute } for pid=3021 comm="dnssec-trigger-" name="ldconfig" dev="dm-2" ino=267166 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file permissive=0 type=AVC msg=audit(1430811010.708:668): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="/" dev="tmpfs" ino=12483 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.708:669): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.708:670): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.708:671): avc: denied { dac_override } for pid=3018 comm="dnssec-trigger-" capability=1 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:system_r:dnssec_trigger_t:s0 tclass=capability permissive=0 type=AVC msg=audit(1430811010.711:672): avc: denied { net_admin } for pid=3018 comm="dnssec-trigger-" capability=12 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:system_r:dnssec_trigger_t:s0 tclass=capability permissive=0
SELinux is installed and configured for enforcement. I also noticed that the immutable bit is being set for the /etc/resolv.conf file. Here is the output. root@Adelie:[29]# ls -al resolv.conf* -r--r--r--. 1 root root 56 2015-04-26 10:25 resolv.conf -rw-r--r--. 1 root root 245 2015-04-25 22:52 resolv.conf.tmp root@Adelie:[29]# ls -alZ resolv.conf* -r--r--r--. root root system_u:object_r:net_conf_t:s0 resolv.conf -rw-r--r--. root root system_u:object_r:net_conf_t:s0 resolv.conf.tmp root@Adelie:[34]# lsattr resolv.conf ----i--------e-- resolv.conf root@Adelie:[35]# chattr -i resolv.conf root@Adelie:[36]# lsattr resolv.conf -------------e-- resolv.conf Packages selinux-policy and selinux-policy-targeted are installed.
*** This bug has been marked as a duplicate of bug 1210250 ***