Bug 2207798 - dnsmasq: cannot open log /var/log/dnsmasq.log
Summary: dnsmasq: cannot open log /var/log/dnsmasq.log
Keywords:
Status: ASSIGNED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: dnsmasq
Version: 8.6
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Petr Menšík
QA Contact: Petr Sklenar
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-05-16 23:18 UTC by kmoriguc
Modified: 2023-08-16 07:28 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Gitlab | redhat/centos-stream/rpms dnsmasq merge_requests 25 | 0 | None | opened | Add group writeable permission for log file | 2023-07-20 20:06:06 UTC
Red Hat Issue Tracker | RHELPLAN-157428 | 0 | None | None | None | 2023-05-16 23:18:51 UTC

Description kmoriguc 2023-05-16 23:18:32 UTC
This bug was initially created as a copy of Bug #2024166

I am copying this bug because: 
The issue is very much the same, and the fix has not been introduced to RHEL.


Description of problem:


This had been reported in bug 1663692 two years ago, but apparently has re-surfaced:


============================================
$ grep faci /etc/dnsmasq.d/work.conf 
log-facility=/var/log/dnsmasq.log

$ ls -ldZ /var{,/log{,/dnsmasq.log}}
drwxr-xr-x. 1 root    root    system_u:object_r:var_t:s0              246 Nov 17 02:51 /var
drwxr-xr-x. 1 root    root    system_u:object_r:var_log_t:s0         1230 Nov 17 02:40 /var/log
-rw-rw----. 1 dnsmasq dnsmasq system_u:object_r:dnsmasq_var_log_t:s0 5410 Oct 20 10:44 /var/log/dnsmasq.log

$ systemctl restart dnsmasq.service 
Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xeu dnsmasq.service" for details.

$ journalctl -l | grep dnsm
[....]
Nov 17 14:11:20 host audit[51617]: AVC avc:  denied  { dac_override } for  pid=51617 comm="dnsmasq" capability=1  scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:system_r:dnsmasq_t:s0 tclass=capability permissive=0
Nov 17 14:11:20 host dnsmasq[51615]: dnsmasq: cannot open log /var/log/dnsmasq.log: Permission denied
Nov 17 14:11:20 host dnsmasq[51615]: cannot open log /var/log/dnsmasq.log: Permission denied
Nov 17 14:11:20 host systemd[1]: dnsmasq.service: Control process exited, code=exited, status=3/NOTIMPLEMENTED
Nov 17 14:11:20 host dnsmasq[51615]: FAILED to start up
Nov 17 14:11:20 host systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Nov 17 14:11:20 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnsmasq comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'


$ ausearch -m avc | grep dnsmasq | tail -1 | audit2allow 
allow dnsmasq_t self:capability dac_override;

============================================


Version-Release number of selected component (if applicable):
dnsmasq-2.86-3.fc35.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Configure dnsmasq to log its output to a log file
2. Start dnsmasq.
3. dnsmasq is not able to start.

Actual results:
dnsmasq does not start.

Expected results:
dnsmasq should start.

Additional info: Removing log-facility=/var/log/dnsmasq.log from the configuration makes dnsmasq start just fine.
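
The AVC record in the report denies the dac_override capability, which the kernel consults only when the ordinary owner/group/other mode bits do not grant the requested access. As an added example (not part of the bug report or of dnsmasq), this script extracts the denied permission from an AVC record and repeats the mode-bit check for a given process identity. The uid 0 / gid 0 opener and the numeric id 990 standing in for dnsmasq:dnsmasq are assumptions, and the AVC line is a constructed sample.

```sh
#!/bin/sh
# Added example (not from the bug report): relate a dac_override AVC denial
# to the log file's owner/group/mode bits.

# Constructed sample, same shape as the AVC record quoted in the report.
SAMPLE_AVC='AVC avc:  denied  { dac_override } for  pid=51617 comm="dnsmasq" capability=1  scontext=system_u:system_r:dnsmasq_t:s0 tclass=capability permissive=0'

# Print the permission(s) listed between "{ }" in an AVC denial read on stdin.
avc_denied_perms() {
    sed -n 's/.*denied  *{ *\([^}]*[^ }]\) *}.*/\1/p'
}

# dac_write_allowed PROC_UID "PROC_GIDS" FILE_UID FILE_GID MODE
# Exit 0 when the owner/group/other bits alone grant write access.
dac_write_allowed() {
    dwa_mode=$(( 0$5 ))                     # leading 0 => parsed as octal
    if [ "$1" -eq "$3" ]; then              # owner class applies
        [ $(( dwa_mode & 0200 )) -ne 0 ] && return 0
        return 1
    fi
    for dwa_g in $2; do                     # group class: any matching gid
        if [ "$dwa_g" -eq "$4" ]; then
            [ $(( dwa_mode & 0020 )) -ne 0 ] && return 0
            return 1
        fi
    done
    [ $(( dwa_mode & 0002 )) -ne 0 ]        # other class
}

# diagnose AVC_LINE PROC_UID "PROC_GIDS" FILE_UID FILE_GID MODE
diagnose() {
    dg_perm=$(printf '%s\n' "$1" | avc_denied_perms)
    if [ "$dg_perm" = dac_override ] &&
       ! dac_write_allowed "$2" "$3" "$4" "$5" "$6"; then
        echo "mode-bits-deny-write"         # the open needs the capability
    else
        echo "not-explained-by-mode-bits"
    fi
}

# Assumptions: the opener is uid 0 / gid 0; 990 is a constructed numeric id
# for dnsmasq:dnsmasq; 660 is the -rw-rw---- mode shown by ls in the report.
diagnose "$SAMPLE_AVC" 0 "0" 990 990 660
# Same file, but the opener also belongs to the file's group (gid 990).
diagnose "$SAMPLE_AVC" 0 "0 990" 990 990 660
```

On a live host the numeric arguments can be taken from `id` for the process and `stat -c '%u %g %a'` for the log file.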

