Description of problem: I use NetworkManager with dnsmasq caching nameserver: cat /etc/NetworkManager/conf.d/99-caching-nameserver.conf [main] dns=dnsmasq I boot, but not name resolution. May 12 20:34:11 deer NetworkManager[935]: <warn> [1463078051.3459] dnsmasq[0x55cfb1d9d220]: dnsmasq update failed: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.9" (uid=0 pid=935 comm="/usr/sbin/NetworkManager --no-daemon ") Temporary workaround I disable SELinux: setenforce 0 systemctl restart NetworkManager Version-Release number of selected component (if applicable): dbus-1.11.2-1.fc24.x86_64 dnsmasq-2.75-4.fc24.x86_64 kernel-4.5.4-300.fc24.x86_64 NetworkManager-1.2.2-1.fc24.x86_64 selinux-policy-3.13.1-186.fc24.noarch How reproducible: always
Could you collect SELinux denials and attach them here? # ausearch -m avc -m user_avc -i -ts today
Created attachment 1157129 [details] ausearch -m avc -m user_avc -i -ts today
Based on attached SELinux denials, dnsmasq and NetworkManager cannot talk to each other via D-bus: ---- type=USER_AVC msg=audit(05/13/2016 15:36:31.109:390) : pid=802 uid=dbus auid=unset ses=unset subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.dnsmasq member=Up dest=org.freedesktop.DBus spid=2811 tpid=2741 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus exe=/usr/bin/dbus-daemon sauid=dbus hostname=? addr=? terminal=?' ---- type=USER_AVC msg=audit(05/13/2016 15:36:31.181:391) : pid=802 uid=dbus auid=unset ses=unset subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus.Properties member=GetAll dest=:1.59 spid=2741 tpid=2811 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:dnsmasq_t:s0 tclass=dbus exe=/usr/bin/dbus-daemon sauid=dbus hostname=? addr=? terminal=?' ----
selinux-policy-3.13.1-189.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-43d1395a18
selinux-policy-3.13.1-188.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ccd9afa2f
selinux-policy-3.13.1-189.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.