Description of problem:
Strongswan, when it brings up a connection/tunnel, wants to get to the local resolver but it fails:

...
maximum IKE_SA lifetime 3543s
installing DNS server 10.3.1.99 via resolvconf
resolvconf: Failed to set DNS configuration: Access denied
removing DNS server 10.3.1.99 via resolvconf
resolvconf: Failed to revert interface configuration: Access denied
adding DNS server failed
installing DNS server 10.3.1.99 via resolvconf
resolvconf: Failed to set DNS configuration: Access denied
removing DNS server 10.3.1.99 via resolvconf
resolvconf: Failed to revert interface configuration: Access denied
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
installing DNS server 10.3.1.99 via resolvconf
resolvconf: Failed to set DNS configuration: Access denied
removing DNS server 10.3.1.99 via resolvconf
resolvconf: Failed to revert interface configuration: Access denied
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
installing new virtual IP 10.3.1.19

It would be great to have a boolean for that.

# ausearch -ts 14:40 | grep -Ei '(resolv|swan)' | audit2allow

#============= ipsec_mgmt_t ==============
allow ipsec_mgmt_t systemd_resolved_t:dbus send_msg;

(maybe more?)

Many thanks, L.

Version-Release number of selected component (if applicable):
selinux-policy-3.14.2-44.fc29.noarch

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
commit d7e7fe57077889f2cf4c9220cbf4a06d2d264b9b (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Tue Jan 8 18:04:41 2019 +0100

    Allow ipsec_t domain dbus chat with systemd_resolved_t BZ(1662443)
selinux-policy-3.14.2-46.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.