Bug 211065 - connecting using dialup connection cannot update /etc/resolve.conf
Summary: connecting using dialup connection cannot update /etc/resolve.conf
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2006-10-17 03:50 UTC by Brian G. Anderson
Modified: 2018-04-11 19:36 UTC
Doc Type: Bug Fix
Last Closed: 2007-03-20 15:56:24 UTC

Description Brian G. Anderson 2006-10-17 03:50:04 UTC
Description of problem:
When I use the NM applet to connect a dialup connection I get the following
message in /var/log/messages:

Oct 16 20:31:31 porco kernel: audit(1161055891.481:36): avc:  denied  { write } for  pid=5934 comm="pppd" name="resolv.conf" dev=dm-0 ino=10542765 scontext=system_u:system_r:pppd_t:s0 tcontext=user_u:object_r:pppd_etc_t:s0 tclass=file
Oct 16 20:31:31 porco NET[6003]: /etc/sysconfig/network-scripts/ifup-post : updated /etc/resolv.conf

I do not get this if I bring the connection up using ifup.

The end result is that sometimes /etc/resolv.conf will not be updated properly.
It looks like, instead of updating /etc/resolv.conf with the new dns server
info, it updates it with the last successful connection dns info.  So sometimes
all host resolution doesn't work.

Version-Release number of selected component (if applicable):

How reproducible:
the avc failure occurs always when using NM to connect

Steps to Reproduce:
1. create a dialup configuration; mine was through a bluetooth modem
2. use NM to connect to dialup
Actual results:
avc denied message; with /etc/resolv.conf not always being updated correctly.

Expected results:
no error

Additional info:

Comment 1 Nicola Soranzo 2007-02-15 23:44:04 UTC
I have the same problem, but I have more SELinux denials like:
- SELinux is preventing the ppp daemon from inserting kernel modules. (3 times)
- SELinux is preventing /usr/sbin/pppd (pppd_t) "write" access to resolv.conf
- SELinux is preventing /bin/bash (NetworkManager_t) "read" access to ppp
(pppd_etc_t). (2 times)
- SELinux is preventing /bin/bash (NetworkManager_t) "search" access to ppp

Comment 2 Daniel Walsh 2007-03-09 16:19:02 UTC
The problem here is that resolv.conf has the wrong label on it?  Is this
/etc/resolv.conf or something somewhere else?

resolv.conf should be labeled net_conf_t?

Comment 3 Daniel Walsh 2007-03-09 16:19:51 UTC
restorecon /etc/resolv.conf should fix.  You can also run restorecond to
maintain the file context on this file.

service restorecond start
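
The diagnosis in Comments 2 and 3 (a wrong label on the target file rather than a missing policy rule) can be checked mechanically from the denial itself. The following is an added example, not part of the original bug thread or of selinux-policy; parse_avc, triage and EXPECTED_TYPES are hypothetical names, and net_conf_t as the expected type for resolv.conf is taken from Comment 2.

```python
import re

# Expected file type per file name. The resolv.conf entry follows Comment 2;
# the table itself is an assumption of this example, not read from policy.
EXPECTED_TYPES = {"resolv.conf": "net_conf_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# The denial from the description, with the 80-column wrapping undone.
SAMPLE = (
    'Oct 16 20:31:31 porco kernel: audit(1161055891.481:36): avc:  denied  '
    '{ write } for  pid=5934 comm="pppd" name="resolv.conf" dev=dm-0 '
    'ino=10542765 scontext=system_u:system_r:pppd_t:s0 '
    'tcontext=user_u:object_r:pppd_etc_t:s0 tclass=file'
)


def parse_avc(line):
    """Return the fields of an AVC denial line as a dict, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is the third element.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":")
        rec[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def triage(rec):
    """Classify a denial: mislabeled target file, or a possible policy gap."""
    expected = EXPECTED_TYPES.get(rec.get("name"))
    actual = rec["tcontext_type"]
    if expected and actual != expected:
        return ("mislabel",
                f"{rec['name']} is {actual}, expected {expected}; run restorecon")
    return ("policy",
            f"{rec['scontext_type']} denied {','.join(rec['perms'])} "
            f"on {actual}:{rec.get('tclass')}")


if __name__ == "__main__":
    print(triage(parse_avc(SAMPLE)))
```

A "mislabel" result points at relabeling the file, as Comment 3 does; a "policy" result means the label is already the expected one and the denial needs to be looked at as a policy question.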
