Bug 145125 - new rawhide NetworkManager attempts to start bind which is restricted by the SELinux targeted policy
new rawhide NetworkManager attempts to start bind which is restricted by the ...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: NetworkManager (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Dan Williams
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-01-14 11:30 EST by James Laska
Modified: 2013-09-02 02:04 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-01-25 12:33:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
NetworkManager SELinux denial msgs (4.50 KB, text/plain)
2005-01-14 11:30 EST, James Laska
no flags Details

  None (edit)
Description James Laska 2005-01-14 11:30:06 EST
Created attachment 109785 [details]
NetworkManager SELinux denial msgs
Comment 1 James Laska 2005-01-14 11:30:06 EST
The latest NetworkManager-0.3.3-1.cvs20050112.3.i386 has added bind code to
handle /etc/resolv.conf 

  * Wed Jan 12 2005 <dcbw@redhat.com> - 0.3.3-1.cvs20050112
  - Use bind in "caching-nameserver" mode to work around stupidity
        in glibc's resolver library not recognizing resolv.conf changes

Once I started the new NetworkManager daemon I noticed that my wired device was
getting an IP ... however named was not starting so hostnames were not
resolving.  I have attached the SELinux denial messages I encountered.   made
the following policy corrections, make, make reload ... and all seems well.

allow named_t initrc_tmp_t:file read;
allow named_t initrc_tmp_t:file getattr;
allow named_t initrc_tmp_t:file unlink;
allow named_t proc_net_t:dir search;
allow named_t proc_net_t:file read;
allow named_t proc_net_t:file getattr;
Comment 2 Dan Williams 2005-01-14 12:03:46 EST
Over to Walters...  we use bind in a caching-nameserver functionality to work
around glibc not noticing changes to /etc/resolv.conf.
Comment 3 Daniel Walsh 2005-01-21 14:27:46 EST
This is a bug in NetworkManager.  So I am transfering it over to them,

NetworkManager should be creating its files in /var/named/data directory

I added proc_net support for named selinux-policy-targeted-1.21.2-5
Comment 4 Colin Walters 2005-01-25 12:33:52 EST
Should be fixed in rawhide now.

Note You need to log in before you can comment on or make changes to this bug.