Bug 2156789 - dnsmasq: cannot open log /var/log/dnsmasq.log
Summary: dnsmasq: cannot open log /var/log/dnsmasq.log
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: dnsmasq
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Petr Menšík
QA Contact: Petr Sklenar
URL:
Whiteboard:
Depends On: 2024166
Blocks:
Reported: 2022-12-28 19:23 UTC by Adam Ibrahim
Modified: 2023-08-02 09:18 UTC (History)

Fixed In Version: dnsmasq-2.85-12.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-02 09:12:08 UTC
Type: Bug
Target Upstream Version:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Gitlab | redhat/centos-stream/rpms dnsmasq merge_requests 22 | 0 | None | opened | Add group writeable permission for log file | 2023-06-14 10:10:07 UTC
Red Hat Issue Tracker | RHELPLAN-143319 | 0 | None | None | None | 2022-12-28 19:32:28 UTC

Description Adam Ibrahim 2022-12-28 19:23:10 UTC
This bug was initially created as a copy of Bug #2024166 & #1663692

I am copying this bug because: issue is reproducible in RHEL 9.1
Package version: dnsmasq-2.85-5.el9.x86_64


Description of problem:

DNSmasq fails to start when configured to use a separate log file via the log-facility directive.
This occurs if the file does not have write permission for the group while SELinux is running in enforcing mode.

How reproducible:
If a "log-facility=/var/log/dnsmasq.log" has been defined in /etc/dnsmasq.conf, the issue is always present.
If the log-facility is commented out, dnsmasq runs correctly.


Steps to Reproduce:
1. Install dnsmasq
3. Edit /etc/dnsmasq.conf to include "log-facility=/var/log/dnsmasq.log"
4. Run: systemctl enable dnsmasq
5. Run: systemctl start dnsmasq
6. Run: systemctl status dnsmasq
7. Run: systemctl restart dnsmasq

Actual results:
dnsmasq fails to restart:
× dnsmasq.service - DNS caching server.
     Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2022-12-28 13:11:43 EST; 1min 50s ago
    Process: 1544 ExecStart=/usr/sbin/dnsmasq (code=exited, status=3)
        CPU: 6ms

Dec 28 13:11:43 rhel9-1.adamibrahim.net systemd[1]: Starting DNS caching server....
Dec 28 13:11:43 rhel9-1.adamibrahim.net dnsmasq[1544]: dnsmasq: cannot open log /var/log/dnsmasq.log: Permission denied
Dec 28 13:11:43 rhel9-1.adamibrahim.net dnsmasq[1544]: cannot open log /var/log/dnsmasq.log: Permission denied
Dec 28 13:11:43 rhel9-1.adamibrahim.net dnsmasq[1544]: FAILED to start up
Dec 28 13:11:43 rhel9-1.adamibrahim.net systemd[1]: dnsmasq.service: Control process exited, code=exited, status=3/NOTIMPLEMENTED
Dec 28 13:11:43 rhel9-1.adamibrahim.net systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Dec 28 13:11:43 rhel9-1.adamibrahim.net systemd[1]: Failed to start DNS caching server..



Expected results:
dnsmasq should start.

Additional info: 
- Removing log-facility=/var/log/dnsmasq.log from the configuration makes dnsmasq start just fine.
- Switching SELinux to permissive allows dnsmasq to start correctly using systemctl.

Per Bug #2024166:
===
Posted upstream, already accepted:

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016070.html

Accepted and merged:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1f8f78a49b8fd6b2862a3882053b1c6e6e111e5c
===
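
The condition described in this report (a log-facility file without group write permission while SELinux is enforcing) can be checked before restarting the service. The script below is an added example, not part of the bug report or the dnsmasq package; its function names, its tolerance of whitespace around "=" and its output format are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): flag the condition the report
# describes: a log-facility file without group write while SELinux enforces.

# Print each absolute file path set via log-facility in a dnsmasq config.
# Commented-out lines and non-path values (syslog facilities) are skipped.
log_facility_path() {
    sed -n 's|^[[:space:]]*log-facility[[:space:]]*=[[:space:]]*\(/[^[:space:]]*\).*$|\1|p' "$1" 2>/dev/null
}

# Succeed if the group-write bit (octal 020) is set on the file.
group_writable() {
    [ -n "$(find "$1" -prune -perm -020 2>/dev/null)" ]
}

# Print the SELinux mode, or "Unknown" where getenforce is not installed.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo Unknown; fi
}

# check_dnsmasq_log [CONF] [SELINUX_MODE]
# Returns 1 if any configured log file matches the failing condition.
check_dnsmasq_log() {
    conf=${1:-/etc/dnsmasq.conf}
    mode=${2:-$(selinux_mode)}
    rc=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ ! -e "$path" ]; then
            echo "INFO $path: does not exist yet"
        elif group_writable "$path"; then
            echo "OK   $path: group-writable"
        elif [ "$mode" = Enforcing ]; then
            echo "FAIL $path: no group write, SELinux Enforcing"
            rc=1
        else
            echo "WARN $path: no group write (SELinux: $mode)"
        fi
    done <<EOF
$(log_facility_path "$conf")
EOF
    return "$rc"
}

# Run against the system config only when asked: sh thisfile --check
if [ "${1:-}" = "--check" ]; then
    check_dnsmasq_log "${2:-/etc/dnsmasq.conf}"
fi
```

The group-write bit tested here is the one named in the linked merge request, "Add group writeable permission for log file".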

Comment 1 Petr Menšík 2023-01-23 12:11:33 UTC
I think this issue was already fixed on Fedora bug #2024166, should be relatively simple to backport.

Comment 2 Petr Menšík 2023-06-14 10:10:07 UTC
Should have a working test, checking it actually works.

