145125 – new rawhide NetworkManager attempts to start bind which is restricted by the SELinux targeted policy

Bug 145125 - new rawhide NetworkManager attempts to start bind which is restricted by the SELinux targeted policy

Summary: new rawhide NetworkManager attempts to start bind which is restricted by the ...

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	NetworkManager
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Dan Williams
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-01-14 16:30 UTC by James Laska
Modified:	2013-09-02 06:04 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-01-25 17:33:52 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
NetworkManager SELinux denial msgs (4.50 KB, text/plain) 2005-01-14 16:30 UTC, James Laska	no flags	Details
View All

Description James Laska 2005-01-14 16:30:06 UTC

Created attachment 109785 [details]
NetworkManager SELinux denial msgs

Comment 1 James Laska 2005-01-14 16:30:06 UTC

The latest NetworkManager-0.3.3-1.cvs20050112.3.i386 has added bind code to
handle /etc/resolv.conf 

  * Wed Jan 12 2005 <dcbw> - 0.3.3-1.cvs20050112
  - Use bind in "caching-nameserver" mode to work around stupidity
        in glibc's resolver library not recognizing resolv.conf changes

Once I started the new NetworkManager daemon I noticed that my wired device was
getting an IP ... however named was not starting so hostnames were not
resolving.  I have attached the SELinux denial messages I encountered.   made
the following policy corrections, make, make reload ... and all seems well.

allow named_t initrc_tmp_t:file read;
allow named_t initrc_tmp_t:file getattr;
allow named_t initrc_tmp_t:file unlink;
allow named_t proc_net_t:dir search;
allow named_t proc_net_t:file read;
allow named_t proc_net_t:file getattr;

Comment 2 Dan Williams 2005-01-14 17:03:46 UTC

Over to Walters...  we use bind in a caching-nameserver functionality to work
around glibc not noticing changes to /etc/resolv.conf.

Comment 3 Daniel Walsh 2005-01-21 19:27:46 UTC

This is a bug in NetworkManager.  So I am transfering it over to them,

NetworkManager should be creating its files in /var/named/data directory

I added proc_net support for named selinux-policy-targeted-1.21.2-5

Comment 4 Colin Walters 2005-01-25 17:33:52 UTC

Should be fixed in rawhide now.

Note You need to log in before you can comment on or make changes to this bug.